Connector for Web Services

stalksurveyorΑσφάλεια

3 Νοε 2013 (πριν από 3 χρόνια και 9 μήνες)

1.375 εμφανίσεις

Connector for
Web Services

The Web Services Connector allows you to connect to various systems with an exposed Web Services
interface. The Connector and default projects are available from
Microsoft Download Center
.

The Web Services connector is used as a platform for the following systems:



SAP ECC 5.0 and SAP ECC 6.0




Oracle PeopleSoft 9.1



Oracle eBusiness 12.1

For additional information about these systems, please refer to the TechNet doc
umentation for each
system. This article documents the Web Services Connector as a platform and common functionality.

Summary

Features

Supported variants

C
onnected data sources



Web Services based on SOAP

S
cenarios



Configured through Web Services
Configuration Tool

O
perations



Full Import, Delta Import




Add, Delete,
Replace

(Update)



Set Password, Change Password



Test parameters

S
chema



Configured through Web Services Configuration Tool

Interface with connected data source

The Web Service connector

integrates identities through Web Service operations with Forefront Identity
Manager (FIM) 2010. The connector requires the Web Service Project file to connect with the correct data
source. Th
is

project can either be downloaded from

Microsoft Download Center

or can be created by
using the Web Service Configuration Tool.

When FIM Synchronization Service invokes the Web Service connector, it loads its configured project file
(
.wsconfig

file). This file helps it to recognize
the

data source’s Endpoint
that
should be used to establish
a connection
and
the

workflow to execute in order to implement
a

FIM operation. To execute the
configured workflows, the web service connector is leverag
es

t
he .NET
4 Workflow Foundation

run time
engine.

FIM Synchronization Service
Web Services Connector
Data Source
Web Service
Config File
Work Flows
Config File
Data Contract
Assembly
Web Services Configuration Tool
Config File
Schema
Project File
Permissions in connected data source

The permissions needed are different depending on data source. Please refer to respective TechNet
document for further information.


Connector
update history

Build

Release

Revision list

5.0.
458
.0

2012 June

First release of the
Web

Services

Connector.


Requirements, before you begin,
and

installation

Prerequisites for Web Service C
onnector

Following applications should be present on your system before you start installing the
WebService

C
onnector
.

1.

For the Web Service Connector:



FIM Synchronization Service

o

FIM2010 Update 2, FIM2010 R2, or later.



.NET 4.0 Framework

2.

For Web Service Configuratio
n Tool



NET 4.0 Framework

To be able to create a Web Service Connector the configuration files (.wsconfig) must be present in the
extensions folder.


Installation of the Web Service Connector

The Connector and default projects are available from
Microsoft Download Center
.


Web
Service

Connector

MSI
: This MSI exposes two features:



Web
ServiceConnector

Runtime

which will install the core Connector, its dependencies
and the packaged Connector.



Web Service Configuration
Tool

that will install the Web Service Configuration Tool.


The configuration tool can be installed without having the Synchronization Service installed. This allows
configuration on a separate computer.

Default Projects

Additional default projects are shipped with the Web Services Connector. These are available as self
-
extract EXE files. You may download web service Connector project as appropriate to your requirement.

After the installation is complete the different comp
onents with their binaries are installed at below folder
location on your system.

Contents

Location

Web Service Connector Runtime

%Program Files%
\
Microsoft Forefront Identity
Management
\
2010
\
Synchronization
Service
\
Extensions

Web Service Connector Projec
t

% Program Files%
\
Microsoft Forefront Identity
Management
\
2010
\
Synchronization
Service
\
Extensions

Packaged Connector

% Program Files %
\
Microsoft Forefront Identity
Management
\
2010
\
Synchronization
Service
\
UIShell
\
XMLs
\
PackagedMAs

Web Service Configuration tool. This is the default
install location, you can choose to change it while
%Program Files%
\
Microsoft Forefront Identity
Management
\
2010
\
Synchronization
installation.

Service
\
UIShell
\
Web Service Configuration

Web Service
Project file


User can select any target folder to extract this file
into

but the

extracted project (
.wsconfig file
) will be
visible to FIM Sync UI only if it

i
s
extracted to FIM’s
Extensions folder. The e
xtracted project file will be
visible to the Web Se
rvice Configuration tool in any
location.


Additional Permissions

Project file can be saved and opened from any location (with the appropriate access privileges of its
executor); however, only project files that
a
re saved to
S
ynchronization Service
\
Extension

folder will
be able to get selected in the Web Service connector wizard accessed through FIM Sync UI.

The user running the Web Service Configuration tool will require the following privileges:



Read/Write permissions

to the
S
ynchronization Serv
ice Extension folder.



Read access to the registry key
HKLM
\
System
\
CurrentControlSet
\
Services
\

FIMSynchronizationService
\
Parameters

Configuration of Web Service Connector

Create Management Agent


Connectivity

On the
Connectivity

screen, select the
Web S
ervice Connector project

to be used
. Provide the
Host

and
Port
.


Global Parameters

Use the login credential procured from Web Service Admin for connecting to the Host. You must select
the following

:



If the location of data source observs Daylight Saving and the data source is configured to
automatically adjust to daylight saving settings then you must check the box for
Data Source
is configured to automatically adjust clock for Daylight Saving Time
.



I
f you want to trigger the test connection workflow from this connector then you must check
the check box for
Test Connection
.

Note
: Oracle EBS default project is missing the “
Data Source Server time zone
” and “
Data Source Server
date format
” parameters.
Therefore, in Full Import workflow the last import time is not preserved, due to
which delta import functionality will not work as expected.

Object Types

S
elect the object type
(s)

you want to work with.
The supported object types will be different dependin
g on
the connected system.


Attributes

C
heck all the mandatory attributes for the selected objects and the attributes you need to work with.

Follow the installer instructions to complete the process.

Web Services Configuration Tool

Creating a new Project

in Web Service Configuration Tool

The Web Service Configuration Tool allows you to create a new
.ws
config

project as well as use the
downloaded project template / default project from
Microsoft

Download Center
.


These are the high level steps to create a new Web Service project. Detailed steps can be found in the
next section.

1.

Open Web Service Configuration Tool. It opens a blank project.

2.

Go to File menu and click
New
(Figure a).
Or you can click on the shortcut just below the File
menu
(Figure
b
).



Figure a


Figure b

3.

Click on Discovery and then click
Add
.
This control allows discovering the exposed web service.
For detailed steps, see
Discovering Web S
ervices
.


Here, you must provide the new web service name and WSDL path which will retrieve the
exposed services, end
-
points and operations.

4.

Next step is to define the connector space schema, which is achieved by creating the Object
Type and defining the

attributes
. Click
Object Types

in left pane and click
Add
.


Enter a valid Object Type name and click
OK
.
For detailed steps, see

Connector Space Schema
Configuration
.

5.

When the object has been created, default blank workflows are created corresponding to
S
ynchronization Service actions.


6.

Next step is to configure the workflows for your object type. The Web Service Configuration Tool
facilitates you to create four different workflows:



Import: To import data from data source.

o

Full Import

o

Delta Import



Export: To export data to data source

o

Add

o

Delete

o

Replace



Password: To perform password management for the user (object type)

o

Set password

o

Change Password



Test Connection: To configure workflow which when invoked checks if the connection is
successfully est
ablished with the data source.

For more details see,
Workflows in Web Services Configuration Tool
.

7.

Click on the workflow that you want to configure. Go to the bottom section of central workflow
designer and declare the variables. Arguments are already defi
ned and Imports are already
specified and are specific to the activities. Below is an example of declared variables. Set the
properties in the right hand pane.


8.

The toolbox in right pane holds all the custom workflow specific ac
tivities (See

the reference
information section for more information
) that you require for configuration. Assign the values to
the variables that you are going to use for your logic.


9.

Save this project at the location:
%FIM_INSTALL_FOLDER%
\
Synchronization
Service
\
Extensions
.

It will be saved as
.ws
config

file.

Discovering Web Services

Discovery is the process of accessing a Web service through a WSDL (Web Services Description

Language) and retrieve its services, endpoi
nts and operations it provides. Services, endpoints and
operations are used by the Web Service Connector to access the data
-
source and synchronize identities
with Forefront Identity Manager (FIM).

Discover a new service

Follow below steps to perform a new

discovery.

1.

Open Web Service Configuration

Tool and Click on
Discovery

in the left hand side tree.

2.

Click
Add
. Below screen is displayed.
You should provide the new service name, the WSDL path
and the namespace:


Click
Next.
Specify the authentication type and use the credentials to continue.



Note:
The credential information provided is not stored.


3.

The WSDL
path is accessed to retrieve the service information
and the list of exposed
functions
is displayed.



If the WSDL path entered is incorrect then the Web Configuration Tool fails to retrieve the service
information and throws following error.



4.

Once the discovery is performed, then it lists the endpoint and the operations that ar
e discovered.


Click
Finish
.


When Finish button is pressed, compilation is performed. Compilation is a process of compiling the data
contract assembly, which may be a time consuming operation. User will be informed about compilation
errors if there will
be any.

After the discovery is performed, the tool displays the below screen.


You can also edit or remove the discovery by clicking on
Edit
and
Remove

buttons on the screen
respectively.


Note:

1.

The discovery contents that include Endpoints, Operations
and Operations arguments

may be
referenced by workflows. A
ny change (Edit / Remove) in discovery should be done carefully in
order not to harm the existing workflows. It is recommended to check the workflows after
d
iscovery changes

to confirm no errors wer
e caused by the change.

2.

You cannot discover two Endpoints with the

same name in the same project.

3.

For SAP specific *.wsconfig project, while updating Employee records we must lock (Enqueue)
them before doing any modification and unlock (Dequeue) then after

changes.
All these
operations must perform in same session and to make it possible we must enable cookies in our
WS call. By default it is OFF. Please find below the following steps to allow cookies in our WS call
:
-

a.

Change the wsconfig project file exten
sion to *.zip and extract it to

a

folder.

b.

Open
cfg.config

and look for
allowCookies="
false
"
. Change it to true

c.

Zip again the complete folder and rename it with file extension *.wsconfig.

d.

You are ready.

Connector Space Schema Configuration

The schema
configuration includes the listing the Object Types and Attributes for a specific
implementation. You can define the object types and the defining attributes for your project in Web
Service Configuration Tool
.

Create/Edit Object Type

Follow below steps to
create an object type:

1.

Open Web Services Configuration Tool and Click
Object Types

in left hand tree.

Click
Add

and provide unique name for the new object.



The object name can include following:



Characters
a
-
z
,
A
-
Z
,
0
-
9
,
hyphen

(
-
),
colon

(
:
) and
under
score

(
_
).



The first character of an object type name cannot be a hyphen (
-
).



The object type name cannot contain two or more consecutive hyphens (
--
).


2.

Click
OK.

The new Object Type is created.

Since,
workflows reference object types and attributes, they

are recommended to be defined

only after
the schema configuration is complete.

Create/Edit Attributes

The next step after creating an object type is to define attributes for the Object Type. Follow below steps
for creating attributes:

1.

Select the Object Ty
pe for which you want to define the attributes. Click
Add
.

It shows the
Attribute

dialogue.


The
attribute

name can include following:



Characters
a
-
z
,
A
-
Z

,
0
-
9
,
hyphen

(
-
),
colon

(
:
) and
underscore

(
_
).



The first character of an
attribute name

cannot be a hyphen (
-
).



The
attribute name

cannot contain two or more consecutive hyphens (
--
).


Note
:

1.

You can edit or remove
attribute
, by selecting; the
attribute

and then clicking
Edit

or
Remove

respectively.

2.

You must configure
at least one
attribute as an Anchor attribute.
I
f
no
anchor attribute is
defined then you will encounter errors
while configuring a web service connector
.

You may specify, if you want it to be multi
-
valued and whether it should behave as an anchor. Click
OK
.

The new attribute is created.

After the schema configuration is complete, you can continue with the configuration of Workflows in your
project.

Important:

You must remember the following points while working with connector space schema, as the changes in
schema might result in errors.

1.

If you have changed the schema through the web service configuration tool , you should also
validate that workflows are not including errors in a case where they have referenced to object
type / attributes you have changed.

2.

If you have changed the schema through the web service configuration tool and saved it to an
active web service connector that is referencing this project, then you must

refresh the schema
for the Connector in the FIM Synchronization Service UI.

Workflows

in Web Service
Configuration Tool

Workflow files are a series of
activities that are used by the Web Services Connector at run time in order
to implement an appropriate FIM operation. The tool allows you to configure four types of workflows
:



Import



Export



Password



Test Connection

The operation flow configuration is an interface to configure the above workflows through a series of
system and custom workflow activities
:

Import
W
orkflow

This operation includes two types of workflows: Full Import and Delta Im
port.

Export Workflow

Export workflow involves the exporting of data from FIM to connected
directory
. It supports three types of
operations: Add, Delete and Replace. You can configure them as per your requirement.

Password Workflow

This operation allows configuring
the workflows associated with user passwords. The
r
e are two types:



Set password:
This operation is setting a user’s password on the data source.



Change password: This operation is changing a user’s password on the data
source only after his
existing password has been successfully confirmed.

Test Connection

Test connection workflow allows you to configure a workflow to check if the connection with data source
server is successfully established.


The test connection workf
low is run when the Test Connection checkbox is selected and you select “Next
>”.



P
assword Management

The Web Service Configuration Tool enables you to manage the password for the users (object type) by
defining a workflow. The password for an employee
can be managed through the user corresponding to
the employee.


You can perform two operations under password management:

Set Password:

In this case, the user can set a new password for his account. It does not require the old

password to
proceed.


Change

Password
:


In this case, user may want to change the password or he is prompted to change password after a
specified time. For this operation to happen, both old and new passwords are mandatory.


Troubleshooting

By default, Web Service Connector logging i
s disabled. In order to turn ON logging, you should perform
following operation:

1.

Open file FIM_INSTALL_DIR
\
Synchronization Service
\
Extensions
\
Logging.xml

2.

Goto the “LoggingLevel” section and change the value to 2 or 3.

Logging level section:


<setting
name="LoggingLevel" serializeAs="String">

<value>0</value>

</setting>

3.

The different logging values represent the following:

a.

Value 2


High logging


High important events (e.g. Exceptions) are logged.

b.

Value 3


Verbose logging


All the activities perform
ed are logged.

c.

Any other value than the above represents logging disabled.

4.

Save the changes.


Log file is written to folder:

FIM_INSTALL_DIR
\
Synchronization Service
\
Extensions

Log file name:

WebServiceConnector.log


Log File size restriction:

By
default, maximum log file size is restricted to 10 MB. If it is exceeded a new log file is created and the
old log file is renamed to LogFileName.Index.log. After the first rotation the next 3 rotations of web service
connector log file will result in foll
owing log files at the extension folder:

WebServiceConnector.log


current log

WebServiceConnector.1.log


first history log file

WebServiceConnector.2.log


second history log file

WebServiceConnector.3.log


third history log file


Important:

You must
remember the following while working with both Web Service Configuration Tool as well
as Web Service Connector:

1.

It is highly recommended to exclude the log file name from your Antivirus scanner to avoid the
Antivirus scanner from engaging the file at the s
ame time it is being accessed by the connector or
by the web service configuration tool.

2.

Log Level configuration is sampled by the Web Service configuration tool at the time of its first
execution
. Any

changes made to Log Level configuration at the time the tool is running will
require the restart of the W
eb
S
ervice configuration

tool in order to take effect.

Performance Testing

Scale

Topology

Hardware







Note: The server hardware used is not representative for a large organization. The numbers presented
should be used to understand the difference between different operations.
You are encouraged and
expected to configure your own test environments to more a
ccurately estimate capacity and performance.
Microsoft cannot guarantee that organizations will experience the same capacity or performance
characteristics, even if the FIM Synchronization service components are deployed and configured
identically to the c
omponents that are described in this guide
,


Operation

Elapsed time (minutes:
seconds)

Statistics

Rate

























Reference information

Custom Workflow Activities in Web Service Configuration Tool

To accomplish various FIM operations (Export, Import, Password management),
you can use the

standard and custom workflow activities of
.Net
w
orkflow Framework 4
.
The Web Service Configuration
tool uses following standard and custom workflow activities:


St
andard

(System)

activities
: S
tandard activities are
already defined in the

.Net Workflow F
ramework
4. The activities that you can use in Web Service Configuration Tool workflows are listed below:



Throw



TryCatch



Assign



DoWhile



If



Sequence



Switch



While



AddToCollection



ClearCollection



ExistsInCollection



RemoveFromCollection



ForEachWithBody



InvokeMethod



WriteLine

For more details on Standard activities, see
Using Activity Designers
.


Custom Activities:

In addition to the

standard activities,
Web Services Configuration Tool provides

additional custom activities to fulfill
user

requirements.
The custom activities are
categoriz
ed on the
bas
is

o
f

their use in FIM operations.
E
ach custom ac
tivity will be visible in its scope only.


o

Debug related activities



Following custom activities are applicable when end user want to
debug the workflow template.


Activity Name

LogActivity

Description

This activity is used to write text messages to the log file. For more information see,
Logging
. Generally, it is very helpful to do debugging in the production

environment
where you cannot debug your workflow easily.

GUI


Usage

To use the log activity you must provide/set following properties. These properties are
visible when you first select the activity in workflow designer and then go to
Properties
(right pane):
-


1.

Log Level
: Choose one of the following values for Log level

a.

High



c潲owri瑩n朠gh攠e潧T數琠t敳s慧攠e漠o桥 lo朠gil攠if⁴ 攠eo朠
s敶敲楴y is⁳整e瑯⁈ 杨.

b.

Verbose



For writing the LogText message to the log file is

log
severity is set to Verbose

c.

Disabled



Don’t write in log.

2.

LogText:
Text which you want to write in Log.

3.

Tag :
It could be one of the following :

a.

Error

b.

Trace

c.

Warning

Activity Name

WriteLine

Description

This

activity

is

used

to

write

text

messages

to

provided

TextWriter

class

(.Net)

object.

If

no

writer

is

available,

the

WriteLine

activity

writes

its

text

o
ut

to

the

console

(command

prompt).

Note:

Console

window

is

not

available

inside

Web

Configuration

tool

as

it

is

window

form

based

application

and

it’s

suggested

that

you

provide

your

TextWriter

for

this

activity.

Using

WriteLine

activity.



GUI


Usage

In the text box please write your message which you want to be visible in the writer
target.


o

Common activities



Following custom
activities are common between different
operation scenarios.


Activity Name

WebServiceCallActivity

Description

This activity is used to invoke Web service operation available after Discovery.

GUI


Usage

To use this activity you must
provide/set following properties :
-


1.

Service Name
:
-

Pick a Web service name which you would like to call.

2.

Endpoint Name:
-

Pick an end point name of selected service.

3.

Operation Name:
-

Pick the respective operation of service.

4.

Argument:
-

On clicking (
)
it will open argument
s

dialog

from there you can
assign argument values. Example screen shot



5.

Faults (if exist):

Please pass a FaultException object so that it can capture
any SOAP faults.


Note:

You should not change
neither argument name nor direction nor argument type.

If you accidentally changed any of them, the activity would become invalid.

To rebuild the operation argument list definition, please re
-
select the operation from
OperationName

combo box.


Activity
Name

SerializeActivity

Description

This activity is used to serialize the object to string
. This activity can be used when a
complex structure of the data source needed to be mapped into the connector space.

GUI


Usage

To use this activity you need to
pass following properties



ObjectToSerialize


Object to be serialize
d
.



Result


String representation of serialized object.

Activity Name

DeserializeActivity

Description

This activity is used to deserialize the string to
object.

GUI


Usage

To use this activity you need to
pass following properties :
-



Result


Deserialized object
.



SerializeFrom


Serialized string
.


o

Import related activities



Following custom activities are applicable while developing
workflow for FIM Import operation (Full or Delta). All below activities are visible in the
Toolbox (right pane) when you browse to

[Your object] => Import => Full Import/Delta Import

Activity
Name

CreateCSEntryChangeScope

Description

This activity is used to create an instance of CSEntryChange object in workflow domain
for each respective record while retrieving data from target data source.

GUI


Usage

To use this activity

you must assign the following properties :
-

1.

DN



p整ei琠t漠yo畲扪散琠tis瑩湧uis桥搠d慭攮eT桩s⁶al略⁳桯畬d⁢ 畮i煵攠e渠
瑨t⁳c潰e yo畲⁃潮湥c瑯r⸠


B敦潲攠
AddToCollection<CSEntryChange>
,
you need to specify all its member fields
using
CreateAnchorAt
tributeActivity

and
CreateAttributeChangeActivity

activity. It could
be anchor and non
-
anchor fields. For more detailed explanation and usage please
refer below.

Activity Name

CreateAnchorAttributeActivity

Description

This activity is used to create an Anchor field inside CSEntryChange object.

GUI


Usage

To use

this activity provide valid anchor value inside value box. You have to choose
anchor attribute name from drop down first. In this example of Employee object, the
anchor is employeeID

Activity Name

SetImportErrorCodeActivity

Description

This activity is
used to set Import error code/success back to FIM during Full or Delta
operations. Through this you can specify meaningful error codes/success to FIM
depending upon the scenario.

GUI


Usage

During Import (Full/Delta) if you
encounter

an
y error
/success

in operation and you
want

to intimate FIM with meaningful error code
/success

then select any value from the drop
down.
Following error codes/success will be visible in drop down :
-

1.

Success

2.

ImportErrorMissingDomainName

3.

ImportErrorDomainNameN
otLdapConformant

4.

ImportErrorInvalidDomainName

5.

ImportErrorMissingChangeType

6.

ImportErrorInvalidChangeType

7.

ImportErrorMultiValuedChangeType

8.

ImportErrorMissingObjectClass

9.

ImportErrorMissingObjectType

10.

ImportErrorParseError

11.

ImportErrorReadError

12.

ImportErrorInvalidAttributeValue

13.

I
mportErrorInvalidBase64Value

14.

ImportErrorInvalidNumericValue

15.

ImportErrorInvalidBooleanValue


For detailed explanation of above error code
,

please refer to FIM sync help
doc
ument
s.

Activity Name

PaginateActivity

Description

This activity will be used to create various search patterns (like A*, B*, C* etc.) that are
passed as IN arguments to other activities. It is helpful in those cases where you do not
have any efficient algorithm to retrieve data from data sourc
e in chunks.

GUI


Usage

To use this activity you need to provide range in IN text box. As in above screen shot
the range

provided

is
“include [A
-
Z]”

and iteration depth set to 1 ,
which

means that
activity
will
return

A*, B*, C* …… Z* t
o item variable.

Configuring range I
teration:

Range can be configured with “include[ Regular Expression]” or “exclude[Regular
Expression]”. Below are examples of possible values:



To specify a characterSet having only values between A and Z :
include[A
-
Z]
or
exclude [^A
-
Z]



To specify a characterSet having all values except the ones between A and Z:
include[^A
-
Z] or exclude [A
-
Z]



A practical example which includes all characters in the western alphabet used for
names would look like this:
include[A
-
Za
-
z0
-
9`~
'.
-
]

Configuring the iteration Depth:

Additional Pagination configuration parameter:
I
teration Depth can also be used to
control number non
-
wildcard character prefix used in the search criteria. For example,
an iteration Depth set to 1 builds a series of s
earches similar to (a*, b*, ... z*) while a
iteration Depth set to 2 builds a series of searches similar to (aa*, ab*, ac*..., ba*, bb*,
bc*, ..., zz*)
.


Note:

The default project(s) of Web Service
c
onfig
uration

tool
only

contains the pattern to
fetch data from
data source where
anchor
has

ASCII characters. If
you want

to fetch
objects whose DN contains non
-
ASCII characters
,

the same can be achieved
by
making

changes in the configuration project.

For ex:

To import Oracle
PeopleSoft Users with Username starting with ‘
Ź

.




o

Export related activities



Following custom activities are applicable while developing
Export workflow for FIM Export operation (Add/Replace/Delete).All below activities are
visible in the Toolbox (right pane) when you browse to

[Your object] => Export => Add/Delete/Replace


Act
ivity Name

AttributesValueIteratorFactory

Description

This activity will be used to iterate over all attributes (both anchors and non
-
anchors) of
object type. While dragging this activity into your workflow designer surface it will
automatically enumerate all attribute names of your object.

GUI


Activity Name

CreateCSEntryChangeResult

Description

This activity is used to pass success/failure of Export (Add/Replace/Delete) operation
from workflow back to FIM. Appropriate messages are passed to FIM that will be visible
in the UI.

GUI


Usage

During
Export

(
Add/Replace/Delete
)
,

if you find any error
/success

in operation and you
want

to intimate the FIM with meaningful error code
/success

then select any value from
the drop down.
Following error codes/success will be
visible in drop down :

1.

Success

2.

ExportActionConvertUpdateToAdd

3.

ExportActionRetryReferenceAttribute

4.

ExportActionProvisioningParent

5.

ExportErrorConnectedDirectoryError

6.

ExportErrorConnectedDirectoryMissingObject

7.

ExportErrorConnectedDirectoryExistingObject

8.

Expor
tErrorReferenceAttributeFailure

9.

ExportErrorNonExistingParent

10.

ExportErrorDuplicateAnchor

11.

ExportErrorAmbiguousUpdate

12.

ExportErrorPasswordPolicyViolation

13.

ExportErrorKerberosTimeSkew

14.

ExportErrorKerberosNoLogOnServer

15.

ExportErrorInvalidDN

16.

ExportErrorConstraintViolation

17.

ExportErrorSyntaxViolation

18.

ExportErrorChangeNamingAttribute

19.

ExportErrorPermissionIssue

20.

ExportErrorMissingProvisioningAttribute

21.

ExportErrorInvalidProvisioningAttributeValue

22.

ExportErrorMissingAnchorComponent

23.

ExportErrorMultiVal
uedAnchorComponent

24.

ExportErrorAnchorTooLong

25.

ExportErrorInvalidAttributeValue

For detailed explanation of above error code
/success,

please refer to FIM sync help
doc
ument
s.


o

Export and
I
mport related:

These activities can be use d in context of Export as
well as
Import operations.


Activity Name

CreateAttributeChangeActivity

Description

Creates AttributeChange object.

When using in Import Context, it can create AttributeChange for non
-
anchor attribute
and should be used as child of
CreateCSEntryChangeScope Activity.

When using in Export ADD Context, it can create AttributeChange for anchor attribute
and should be used as child of CreateCSEntryChangeResult Activity.

Note:

During ADD export run, some anchor attribute values might be ch
anged and by
using this Activity as child of CreateCSEntryChangeResult you can tell FIM Sync
Engine to update anchor

attribute values.


GUI


Usage

To

use this activity you only need to pick and assign the respective fi
eld from drop
down and then assign some value.


For multivalued attributes, you can drop multiple
CreateValueChangeActivity
inside
CreateAttributeChangeActivity
activity. Refer to second screen shot for more clarity.

Activity Name

CreateValueChangeActivity

Description

This

activity is used to assign Value for respective field in
CreateAttributeChangeActivity
activity.

GUI


Usage

Set value in AttributeValue text box.


Workflow
Arguments:

Important
: You should never modify Workflow
argument list. (Do not add, remove or modify existed
argument).

Export

(Add, Delete, Replace):




objectToExport (in argument)

-

the object that in being exported.



exportResult (out argument)



the result of export operation. The value for this argument is
created using CreateCSEntryChangeResult Activity.



schemaType (in argument)



the current object schema type. Please not that this schema might
be not exactly the same as you defined it


it
may miss some arguments if they were not selected
in FIM MA Wizard UI while configuring connector.



additionalParameters (in argument)



the collection of ConfigParameters you create in
A
dditional
Parameters Workflow is passed.

Import (Full, Delta)




custom
Data (in argument)



the dictionary that you can use to store your custom data.

This data is persisted and shared between import operations of all object types.

Default implementation of Full Import workflow stores the date time of last full import run.

Yo
u can use this value to implement Delta import.

The key for last full import date time is :
schemaType.Name + "_lastImportTime"

The value is stored in format of :
DateTimeOffset.UtcNow.Ticks.ToString()



schemaType (in argument)



the current object schema typ
e. Please not that this schema might
be not exactly the same as you defined it


it may miss some arguments if they were not selected
in FIM MA Wizard UI while configuring connector.



importedEntries (in argument)



the list of imported object this WF shoul
d fill. The
CSEntryChange object is created using CreatCSEntryChange Activity and should be added to
this list.



additionalParameters (in argument)



the collection of ConfigParameters you create in
Add
itional
Parameters Workflow is passed.

Set Password Wo
rkflow




newPassword (in argument)



the new password that should be set for identity



csEntry (in argument)



defines identity for which the new password is being set.



passwordOption(in argument)



additional options that this WF should implement (Please refer
to FIM SDK for possible option values).



additionalParameters (in argument)



the collection of ConfigParameters you create in
Add
itional
Parameters Workflow is passed.

Change Password Workfl
ow





newPassword (in argument)



the new password that should be set for identity object.



oldPassword (in argument)



the old password of identity object.



csEntry (in argument)



defines identity for which the new password is being set.



additionalParameters (in argument)



the collection of ConfigParameters you create in
AddinitianalParameters Workflow is passed.

Test Connection Workflow

The purpose of this
Workflow is to check Data Source connectivity.

Before this Workflow executes, the

communication object has been configured with the parameter values
you provide in FIM MA wizard. You can validate the connectivity to Data Source using WebServiceCall
Activity and assign result to “result” argument.





result (out argument)



test connect
ion result.


Web Service Configuration Tool UI

The Web Service Configuration Tool User Interface enables you to configure different tasks that are
performed when invoked by Web Service Connector in Forefront Identity Manager (FIM) 2010.

1.

Main
Menu

The menu
bar consists of two menus,
File

and
Help
.

Menu

Description

File

Using file menu you can create/open a new/old project, save it at desired location and Exit the
configuration tool.


Note:
To be visible for FIM Synchronization Service
Manger the project must be saved at
the below location (default):

%FIM_INSTALL_DIR
\
2010
\
Synchronization Service
\
Extensions


Help

Using help, you can learn to use the Web Service configuration tool.


The menu, View Help F1, directs you
to the user education documentation published on
Microsoft Technet.


In addition, you can
Create
/
Open
/
Save

a project from the shortcuts available
on the tool
bar.


2.

Left Pane Tree

This section describes all the elements that constitute a Web Service
project.


The major components that constitute a project
are:

D
iscovered
S
ervices



The discovery is the process of accessing a Web
service through a WSDL (Web Services
Description Language) and retrieve its services,
endpoints and operati
ons it provides.

C
onnector
S
pace
S
chema
Definition



The object types and their attributes help to define
the connector space schema.



For each object type, you can configure different
workflows which will implement specific operation
to be performed by FIM.

See,
Workflows in Web
Service Configuration T
ool
.


Test connection is a global, object type independent
workflow to provide user ability to verify connection
during web service connector configuration.

3.

R
ight pane view:

Every node in a left pane has corresponding view in the right pane. This area all
ows you to discover /
create the data and configure the workflows for different operations.

Discovery

In case of a new project, the configuration tool shows blank discovery pane where you can
Add
,
Edit

or
Remove

the discovery.


In case of default project,

this area will show the list discovered services.


Service:

This area for service shows the list of endpoints held.


Endpoint:

This screen lists the operations that are declared under the endpoint.


Operation

This screen lists the
arguments

that are de
clared for the operation. These arguments are then defined
when the operation is used in configuring the workflows.



Objects Types

In case of new project this pane is blank and allows you to
Add
,
Edit

or
Remove

the Object types.


While in case of objec
t types that are already created and defined, the right pane lists the schema object
types and enables you to
Add
,
Edit

or
Remove

the Object types.

Object Type:

The right pane corresponding to object type allows you to
maintain the attributes and their pro
perties for
the selected object type.

It displays the list of attributes that have been defined for the selected Object
Type.


4.

Workflow Designer

Workflow Designer Re
-
Hosting
is
to provide a fully customized design experience for users.

The workflow
design
er opens the work area to configure the workflow as per requirement. For every object type (new
/existing), the configuration tool provides the nodes for workflows that are supported by the tool.

The workflow is divided in to following major sections:




Nodes in left pane
: These help you to select which you want to design which workflow.



Central Workflow Designer
:

Here you can drop the activities for configuring the workflows.



Toolbox
:

Packages all the tools including system and custom activities and predefined
statements to design the workflow. For more details on system toolbox, see
Toolbox
.

Toolbox Sections


Description

This section refers to the header of Toolbox. One tab
accesses toolbox and the other properties of the
selected individual workflow activity.


This category shows the
Import workflow

specific
activities. They are
custom created to use for
configuring Import workflow.



This category shows the
Export

workflow

specific
activities. They are custom created to use for
configuring Export workflow.



The activities under category
Common

are also custom
created activities and can be used to configure any
desired workflow.


The activities under category
Debug

are used for
debugging. They are system activities already defined
in Workflow 4 and allow you to enable is
sue tracking for
a workflow.


The activities under category
Statements

are also
system workflow activities and are already defined in
Workflow 4. For more details about using these

activities, see
Using Activity Designers
.




Properties
:

The properties tab displays the properties of a particular workflow activity that is
dropped in the designer area and selected. The figure on the
left shows the properties of
Assign

activity.

For every activity, the properties will differ and are used while configuring the custom workflow.
This tab allows you to define the attributes of the selected tool that has been dropped into the
central workf
low designer. For more details, see
Properties
.




Task Bar
:

The task bar includes three elements;
Variables
, Arguments and Imports
used
together with workflow activities
.

For more details on these, see
A Developer's Introduction to
Windows Workflow Foundation (WF) in .NET 4
.


Note
:

1.

The Red circle with exclamation mark [
] beside any
activity in central designer implies that the
operation dropped is not defined correctly and completely. Hover over the red circle to find out the
exact error. Once the activity is defined correctly, the red circle changes to yellow information
mark automa
tically.

2.

The Yellow triangle information mark [
] beside any activity in central designer implies that the
activity is defined but there is more that you can do to complete the activity. Hover cursor over the
yellow triangle to see more in
formation.