Connector for Web ServicesThe Web Services Connector allows you to connect to various systems with an exposed Web Services interface. The Connector and default projects are available from Microsoft Download Center.

The Web Services connector is used as a platform for the following systems:

SAP ECC 5.0 and SAP ECC 6.0 Oracle PeopleSoft 9.1 Oracle eBusiness 12.1

For additional information about these systems, please refer to the TechNet documentation for each system. This article documents the Web Services Connector as a platform and common functionality.

SummaryFeatures Supported variants

Connected data sources Web Services based on SOAPScenarios Configured through Web Services Configuration ToolOperations Full Import, Delta Import

Add, Delete, Replace (Update) Set Password, Change Password Test parameters

Schema Configured through Web Services Configuration Tool

Interface with connected data sourceThe Web Service connector integrates identities through Web Service operations with Forefront Identity Manager (FIM) 2010. The connector requires the Web Service Project file to connect with the correct data source. This project can either be downloaded from Microsoft Download Center or can be created by using the Web Service Configuration Tool.When FIM Synchronization Service invokes the Web Service connector, it loads its configured project file (.wsconfig file). This file helps it to recognize the data source’s Endpoint that should be used to establish a connection and the workflow to execute in order to implement a FIM operation. To execute the configured workflows, the web service connector is leverages the .NET 4 Workflow Foundation run time engine.

Permissions in connected data sourceThe permissions needed are different depending on data source. Please refer to respective TechNet document for further information.

Connector update historyBuild Release Revision list5.0.458.0 2012 June First release of the Web Services Connector.

Requirements, before you begin, and installation

Prerequisites for Web Service ConnectorFollowing applications should be present on your system before you start installing the WebService Connector.

1. For the Web Service Connector: FIM Synchronization Service

o FIM2010 Update 2, FIM2010 R2, or later. .NET 4.0 Framework

2. For Web Service Configuration Tool NET 4.0 Framework

To be able to create a Web Service Connector the configuration files (.wsconfig) must be present in the extensions folder.

Installation of the Web Service ConnectorThe Connector and default projects are available from Microsoft Download Center.

Web Service Connector MSI: This MSI exposes two features: Web ServiceConnector Runtime which will install the core Connector, its dependencies

and the packaged Connector. Web Service Configuration Tool that will install the Web Service Configuration Tool.

The configuration tool can be installed without having the Synchronization Service installed. This allows configuration on a separate computer.

Default ProjectsAdditional default projects are shipped with the Web Services Connector. These are available as self-extract EXE files. You may download web service Connector project as appropriate to your requirement.

After the installation is complete the different components with their binaries are installed at below folder location on your system.

Contents LocationWeb Service Connector Runtime %Program Files%\Microsoft Forefront

Identity Management\2010\Synchronization Service\Extensions

Web Service Connector Project % Program Files%\Microsoft Forefront Identity Management\2010\Synchronization Service\Extensions

Packaged Connector % Program Files %\Microsoft Forefront Identity Management\2010\Synchronization Service\UIShell\XMLs\PackagedMAs

Web Service Configuration tool. This is the default install location, you can choose to change it while installation.

%Program Files%\Microsoft Forefront Identity Management\2010\Synchronization Service\UIShell\Web

Service Configuration

Web Service Project file User can select any target folder to extract this file into but the extracted project (.wsconfig file) will be visible to FIM Sync UI only if it is extracted to FIM’s Extensions folder. The extracted project file will be visible to the Web Service Configuration tool in any location.

Additional PermissionsProject file can be saved and opened from any location (with the appropriate access privileges of its executor); however, only project files that are saved to Synchronization Service\Extension folder will be able to get selected in the Web Service connector wizard accessed through FIM Sync UI.The user running the Web Service Configuration tool will require the following privileges:

• Read/Write permissions to the Synchronization Service Extension folder.

• Read access to the registry key HKLM\System\CurrentControlSet\Services\ FIMSynchronizationService\Parameters

Configuration of Web Service Connector

Create Management Agent

ConnectivityOn the Connectivity screen, select the Web Service Connector project to be used. Provide the Host and Port.

Global ParametersUse the login credential procured from Web Service Admin for connecting to the Host. You must select the following

:

If the location of data source observs Daylight Saving and the data source is configured to automatically adjust to daylight saving settings then you must check the box for Data Source is configured to automatically adjust clock for Daylight Saving Time.

If you want to trigger the test connection workflow from this connector then you must check the check box for Test Connection.

Note: Oracle EBS default project is missing the “Data Source Server time zone” and “Data Source Server date format” parameters. Therefore, in Full Import workflow the last import time is not preserved, due to which delta import functionality will not work as expected.

Object TypesSelect the object type(s) you want to work with. The supported object types will be different depending on the connected system.

AttributesCheck all the mandatory attributes for the selected objects and the attributes you need to work with.

Follow the installer instructions to complete the process.

Web Services Configuration Tool

Creating a new Project in Web Service Configuration ToolThe Web Service Configuration Tool allows you to create a new .wsconfig project as well as use the downloaded project template / default project from Microsoft Download Center.

These are the high level steps to create a new Web Service project. Detailed steps can be found in the next section.

1. Open Web Service Configuration Tool. It opens a blank project.2. Go to File menu and click New (Figure a).Or you can click on the shortcut just below the File

menu (Figure b).

Figure a Figure b3. Click on Discovery and then click Add. This control allows discovering the exposed web service.

For detailed steps, see Discovering Web Services.

Here, you must provide the new web service name and WSDL path which will retrieve the exposed services, end-points and operations.

4. Next step is to define the connector space schema, which is achieved by creating the Object Type and defining the attributes. Click Object Types in left pane and click Add.

Enter a valid Object Type name and click OK. For detailed steps, see Connector Space Schema Configuration.

5. When the object has been created, default blank workflows are created corresponding to Synchronization Service actions.

6. Next step is to configure the workflows for your object type. The Web Service Configuration Tool facilitates you to create four different workflows: Import: To import data from data source.

o Full Importo Delta Import

Export: To export data to data sourceo Addo Deleteo Replace

Password: To perform password management for the user (object type)o Set passwordo Change Password

Test Connection: To configure workflow which when invoked checks if the connection is successfully established with the data source.

For more details see, Workflows in Web Services Configuration Tool.7. Click on the workflow that you want to configure. Go to the bottom section of central workflow

designer and declare the variables. Arguments are already defined and Imports are already specified and are specific to the activities. Below is an example of declared variables. Set the properties in the right hand pane.

8. The toolbox in right pane holds all the custom workflow specific activities (See the reference information section for more information) that you require for configuration. Assign the values to the variables that you are going to use for your logic.

9. Save this project at the location: %FIM_INSTALL_FOLDER%\Synchronization Service\Extensions. It will be saved as .wsconfig file.

Discovering Web ServicesDiscovery is the process of accessing a Web service through a WSDL (Web Services Description Language) and retrieve its services, endpoints and operations it provides. Services, endpoints and operations are used by the Web Service Connector to access the data-source and synchronize identities with Forefront Identity Manager (FIM).

Discover a new service

Follow below steps to perform a new discovery.1. Open Web Service Configuration Tool and Click on Discovery in the left hand side tree.

2. Click Add. Below screen is displayed. You should provide the new service name, the WSDL path and the namespace:

Click Next. Specify the authentication type and use the credentials to continue.

Note: The credential information provided is not stored.

3. The WSDL path is accessed to retrieve the service information and the list of exposed functions is displayed.

If the WSDL path entered is incorrect then the Web Configuration Tool fails to retrieve the service information and throws following error.

4. Once the discovery is performed, then it lists the endpoint and the operations that are discovered.

Click Finish.

When Finish button is pressed, compilation is performed. Compilation is a process of compiling the data contract assembly, which may be a time consuming operation. User will be informed about compilation errors if there will be any.After the discovery is performed, the tool displays the below screen.

You can also edit or remove the discovery by clicking on Edit and Remove buttons on the screen respectively.

Note:1. The discovery contents that include Endpoints, Operations and Operations arguments may be

referenced by workflows. Any change (Edit / Remove) in discovery should be done carefully in order not to harm the existing workflows. It is recommended to check the workflows after discovery changes to confirm no errors were caused by the change.

2. You cannot discover two Endpoints with the same name in the same project.3. For SAP specific *.wsconfig project, while updating Employee records we must lock (Enqueue)

them before doing any modification and unlock (Dequeue) then after changes. All these operations must perform in same session and to make it possible we must enable cookies in our WS call. By default it is OFF. Please find below the following steps to allow cookies in our WS call :-

a. Change the wsconfig project file extension to *.zip and extract it to a folder.b. Open cfg.config and look for allowCookies="false". Change it to truec. Zip again the complete folder and rename it with file extension *.wsconfig.d. You are ready.

Connector Space Schema Configuration

The schema configuration includes the listing the Object Types and Attributes for a specific implementation. You can define the object types and the defining attributes for your project in Web Service Configuration Tool.

Create/Edit Object Type

Follow below steps to create an object type:1. Open Web Services Configuration Tool and Click Object Types in left hand tree. Click Add and provide unique name for the new object.

The object name can include following: Characters a-z, A-Z, 0-9, hyphen (-), colon (:) and underscore (_). The first character of an object type name cannot be a hyphen (-). The object type name cannot contain two or more consecutive hyphens (--).

2. Click OK. The new Object Type is created.

Since, workflows reference object types and attributes, they are recommended to be defined only after the schema configuration is complete.

Create/Edit Attributes

The next step after creating an object type is to define attributes for the Object Type. Follow below steps for creating attributes:

1. Select the Object Type for which you want to define the attributes. Click Add. It shows the Attribute dialogue.

The attribute name can include following: Characters a-z, A-Z ,0-9,hyphen (-), colon (:) and underscore (_). The first character of an attribute name cannot be a hyphen (-).

The attribute name cannot contain two or more consecutive hyphens (--).

Note:

1. You can edit or remove attribute, by selecting; the attribute and then clicking Edit or Remove respectively.

2. You must configure at least one attribute as an Anchor attribute. If no anchor attribute is defined then you will encounter errors while configuring a web service connector.

You may specify, if you want it to be multi-valued and whether it should behave as an anchor. Click OK. The new attribute is created.

After the schema configuration is complete, you can continue with the configuration of Workflows in your project.

Important:

You must remember the following points while working with connector space schema, as the changes in schema might result in errors.

1. If you have changed the schema through the web service configuration tool , you should also validate that workflows are not including errors in a case where they have referenced to object type / attributes you have changed.

2. If you have changed the schema through the web service configuration tool and saved it to an active web service connector that is referencing this project, then you must refresh the schema for the Connector in the FIM Synchronization Service UI.

Workflows in Web Service Configuration ToolWorkflow files are a series of activities that are used by the Web Services Connector at run time in order to implement an appropriate FIM operation. The tool allows you to configure four types of workflows:

Import Export Password Test Connection

The operation flow configuration is an interface to configure the above workflows through a series of system and custom workflow activities:

Import WorkflowThis operation includes two types of workflows: Full Import and Delta Import.

Export WorkflowExport workflow involves the exporting of data from FIM to connected directory. It supports three types of operations: Add, Delete and Replace. You can configure them as per your requirement.

Password WorkflowThis operation allows configuring the workflows associated with user passwords. There are two types:

Set password: This operation is setting a user’s password on the data source. Change password: This operation is changing a user’s password on the data source only after his

existing password has been successfully confirmed.

Test ConnectionTest connection workflow allows you to configure a workflow to check if the connection with data source server is successfully established.

The test connection workflow is run when the Test Connection checkbox is selected and you select “Next >”.

Password ManagementThe Web Service Configuration Tool enables you to manage the password for the users (object type) by defining a workflow. The password for an employee can be managed through the user corresponding to the employee.

You can perform two operations under password management:Set Password:In this case, the user can set a new password for his account. It does not require the old password to proceed. Change Password: In this case, user may want to change the password or he is prompted to change password after a specified time. For this operation to happen, both old and new passwords are mandatory.

TroubleshootingBy default, Web Service Connector logging is disabled. In order to turn ON logging, you should perform following operation:

1. Open file FIM_INSTALL_DIR\Synchronization Service\Extensions\Logging.xml

2. Goto the “LoggingLevel” section and change the value to 2 or 3.

Logging level section:

<setting name="LoggingLevel" serializeAs="String"><value>0</value></setting>

3. The different logging values represent the following:

a. Value 2 – High logging – High important events (e.g. Exceptions) are logged.

b. Value 3 – Verbose logging – All the activities performed are logged.

c. Any other value than the above represents logging disabled. 4. Save the changes.

Log file is written to folder: FIM_INSTALL_DIR\Synchronization Service\ExtensionsLog file name: WebServiceConnector.log

Log File size restriction:By default, maximum log file size is restricted to 10 MB. If it is exceeded a new log file is created and the old log file is renamed to LogFileName.Index.log. After the first rotation the next 3 rotations of web service connector log file will result in following log files at the extension folder:WebServiceConnector.log – current logWebServiceConnector.1.log – first history log fileWebServiceConnector.2.log – second history log fileWebServiceConnector.3.log – third history log file

Important:You must remember the following while working with both Web Service Configuration Tool as well as Web Service Connector:

1. It is highly recommended to exclude the log file name from your Antivirus scanner to avoid the Antivirus scanner from engaging the file at the same time it is being accessed by the connector or by the web service configuration tool.

2. Log Level configuration is sampled by the Web Service configuration tool at the time of its first execution. Any changes made to Log Level configuration at the time the tool is running will require the restart of the Web Service configuration tool in order to take effect.

Performance TestingScale Topology Hardware

Note: The server hardware used is not representative for a large organization. The numbers presented should be used to understand the difference between different operations. You are encouraged and expected to configure your own test environments to more accurately estimate capacity and performance. Microsoft cannot guarantee that organizations will experience the same capacity or performance characteristics, even if the FIM Synchronization service components are deployed and configured identically to the components that are described in this guide,

Operation Elapsed time (minutes: seconds) Statistics Rate

Reference information

Custom Workflow Activities in Web Service Configuration ToolTo accomplish various FIM operations (Export, Import, Password management), you can use the standard and custom workflow activities of .Net workflow Framework 4. The Web Service Configuration tool uses following standard and custom workflow activities:

Standard (System) activities: Standard activities are already defined in the .Net Workflow Framework 4. The activities that you can use in Web Service Configuration Tool workflows are listed below:

Throw TryCatch Assign DoWhile If Sequence Switch

While AddToCollection ClearCollection ExistsInCollection RemoveFromCollection ForEachWithBody InvokeMethod WriteLine

For more details on Standard activities, see Using A ctivity Designers .

Custom Activities: In addition to the standard activities, Web Services Configuration Tool provides additional custom activities to fulfill user requirements. The custom activities are categorized on the basis of their use in FIM operations. Each custom activity will be visible in its scope only.

o Debug related activities – Following custom activities are applicable when end user want to debug the workflow template.

Activity Name LogActivity

Description This activity is used to write text messages to the log file. For more information see, Logging. Generally, it is very helpful to do debugging in the production environment where you cannot debug your workflow easily.

GUI

Usage To use the log activity you must provide/set following properties. These properties are visible when you first select the activity in workflow designer and then go to Properties (right pane):-

1. Log Level: Choose one of the following values for Log levela. High – For writing the LogText message to the log file if the log

severity is set to High.b. Verbose – For writing the LogText message to the log file is log

severity is set to Verbosec. Disabled – Don’t write in log.

2. LogText: Text which you want to write in Log.3. Tag : It could be one of the following :

a. Errorb. Tracec. Warning

Activity Name WriteLine

Description This activity is used to write text messages to provided TextWriter class (.Net) object. If no writer is available, the WriteLine activity writes its text out to the console (command prompt).

Note: Console window is not available inside Web Configuration tool as it is window form based application and it’s suggested that you provide your TextWriter for this activity. Using WriteLine activity.

GUI

Usage In the text box please write your message which you want to be visible in the writer target.

o Common activities – Following custom activities are common between different operation scenarios.

Activity Name WebServiceCallActivity

Description This activity is used to invoke Web service operation available after Discovery.

GUI

Usage To use this activity you must provide/set following properties :-

1. Service Name: - Pick a Web service name which you would like to call.

2. Endpoint Name: - Pick an end point name of selected service.3. Operation Name: - Pick the respective operation of service.4. Argument: - On clicking ( ) it will open arguments dialog from there you can

assign argument values. Example screen shot –

5. Faults (if exist): Please pass a FaultException object so that it can capture any SOAP faults.

Note:You should not change neither argument name nor direction nor argument type.If you accidentally changed any of them, the activity would become invalid.To rebuild the operation argument list definition, please re-select the operation from OperationName combo box.

Activity Name SerializeActivity

Description This activity is used to serialize the object to string. This activity can be used when a complex structure of the data source needed to be mapped into the connector space.

GUI

Usage To use this activity you need to pass following properties ObjectToSerialize – Object to be serialized. Result – String representation of serialized object.

Activity Name DeserializeActivity

Description This activity is used to deserialize the string to object.

GUI

Usage To use this activity you need to pass following properties :- Result – Deserialized object. SerializeFrom – Serialized string .

o Import related activities – Following custom activities are applicable while developing workflow for FIM Import operation (Full or Delta). All below activities are visible in the Toolbox (right pane) when you browse to

[Your object] => Import => Full Import/Delta Import

Activity Name CreateCSEntryChangeScope

Description This activity is used to create an instance of CSEntryChange object in workflow domain for each respective record while retrieving data from target data source.

GUI

Usage To use this activity you must assign the following properties :-1. DN – Set it to your object distinguished name. This value should be unique in

the scope of your Connector.

Before AddToCollection<CSEntryChange>, you need to specify all its member fields using CreateAnchorAttributeActivity and CreateAttributeChangeActivity activity. It could be anchor and non-anchor fields. For more detailed explanation and usage please refer below.

Activity Name CreateAnchorAttributeActivity

Description This activity is used to create an Anchor field inside CSEntryChange object.

GUI

Usage To use this activity provide valid anchor value inside value box. You have to choose anchor attribute name from drop down first. In this example of Employee object, the

anchor is employeeID

Activity Name SetImportErrorCodeActivity

Description This activity is used to set Import error code/success back to FIM during Full or Delta operations. Through this you can specify meaningful error codes/success to FIM depending upon the scenario.

GUI

Usage During Import (Full/Delta) if you encounter any error/success in operation and you want to intimate FIM with meaningful error code/success then select any value from the drop down. Following error codes/success will be visible in drop down :-

1. Success2. ImportErrorMissingDomainName3. ImportErrorDomainNameNotLdapConformant4. ImportErrorInvalidDomainName5. ImportErrorMissingChangeType6. ImportErrorInvalidChangeType7. ImportErrorMultiValuedChangeType8. ImportErrorMissingObjectClass9. ImportErrorMissingObjectType10. ImportErrorParseError11. ImportErrorReadError12. ImportErrorInvalidAttributeValue13. ImportErrorInvalidBase64Value14. ImportErrorInvalidNumericValue15. ImportErrorInvalidBooleanValue

For detailed explanation of above error code, please refer to FIM sync help documents.

Activity Name PaginateActivity

Description This activity will be used to create various search patterns (like A*, B*, C* etc.) that are passed as IN arguments to other activities. It is helpful in those cases where you do not have any efficient algorithm to retrieve data from data source in chunks.

GUI

Usage To use this activity you need to provide range in IN text box. As in above screen shot the range provided is “include [A-Z]” and iteration depth set to 1 ,which means that activity will return A*, B*, C* …… Z* to item variable.Configuring range Iteration:

Range can be configured with “include[ Regular Expression]” or “exclude[Regular Expression]”. Below are examples of possible values:

To specify a characterSet having only values between A and Z : include[A-Z] or exclude [^A-Z]

To specify a characterSet having all values except the ones between A and Z: include[^A-Z] or exclude [A-Z]

A practical example which includes all characters in the western alphabet used for names would look like this: include[A-Za-z0-9`~'.-]

Configuring the iteration Depth:Additional Pagination configuration parameter: Iteration Depth can also be used to control number non-wildcard character prefix used in the search criteria. For example, an iteration Depth set to 1 builds a series of searches similar to (a*, b*, ... z*) while a iteration Depth set to 2 builds a series of searches similar to (aa*, ab*, ac*..., ba*, bb*, bc*, ..., zz*) .

Note:The default project(s) of Web Service configuration tool only contains the pattern to fetch data from data source where anchor has ASCII characters. If you want to fetch objects whose DN contains non-ASCII characters, the same can be achieved by making changes in the configuration project.For ex: To import Oracle PeopleSoft Users with Username starting with ‘Ź’.

o Export related activities – Following custom activities are applicable while developing Export workflow for FIM Export operation (Add/Replace/Delete).All below activities are visible in the Toolbox (right pane) when you browse to

[Your object] => Export => Add/Delete/Replace

Activity Name AttributesValueIteratorFactory

Description This activity will be used to iterate over all attributes (both anchors and non-anchors) of object type. While dragging this activity into your workflow designer surface it will automatically enumerate all attribute names of your object.

GUI

Activity Name CreateCSEntryChangeResult

Description This activity is used to pass success/failure of Export (Add/Replace/Delete) operation from workflow back to FIM. Appropriate messages are passed to FIM that will be visible in the UI.

GUI

Usage During Export (Add/Replace/Delete), if you find any error/success in operation and you want to intimate the FIM with meaningful error code/success then select any value from the drop down. Following error codes/success will be visible in drop down :

1. Success2. ExportActionConvertUpdateToAdd3. ExportActionRetryReferenceAttribute4. ExportActionProvisioningParent5. ExportErrorConnectedDirectoryError6. ExportErrorConnectedDirectoryMissingObject7. ExportErrorConnectedDirectoryExistingObject8. ExportErrorReferenceAttributeFailure9. ExportErrorNonExistingParent10. ExportErrorDuplicateAnchor11. ExportErrorAmbiguousUpdate12. ExportErrorPasswordPolicyViolation13. ExportErrorKerberosTimeSkew14. ExportErrorKerberosNoLogOnServer15. ExportErrorInvalidDN16. ExportErrorConstraintViolation17. ExportErrorSyntaxViolation18. ExportErrorChangeNamingAttribute19. ExportErrorPermissionIssue20. ExportErrorMissingProvisioningAttribute21. ExportErrorInvalidProvisioningAttributeValue22. ExportErrorMissingAnchorComponent23. ExportErrorMultiValuedAnchorComponent24. ExportErrorAnchorTooLong25. ExportErrorInvalidAttributeValue

For detailed explanation of above error code/success, please refer to FIM sync help documents.

o Export and Import related: These activities can be use d in context of Export as well as Import operations.

Activity Name CreateAttributeChangeActivity

Description Creates AttributeChange object.When using in Import Context, it can create AttributeChange for non-anchor attribute and should be used as child of CreateCSEntryChangeScope Activity.When using in Export ADD Context, it can create AttributeChange for anchor attribute and should be used as child of CreateCSEntryChangeResult Activity.Note: During ADD export run, some anchor attribute values might be changed and by using this Activity as child of CreateCSEntryChangeResult you can tell FIM Sync Engine to update anchor attribute values.

GUI

Usage To use this activity you only need to pick and assign the respective field from drop down and then assign some value.

For multivalued attributes, you can drop multiple CreateValueChangeActivityinside CreateAttributeChangeActivityactivity. Refer to second screen shot for more clarity.

Activity Name CreateValueChangeActivity

Description This activity is used to assign Value for respective field in CreateAttributeChangeActivityactivity.

GUI

Usage Set value in AttributeValue text box.

Workflow Arguments:Important: You should never modify Workflow argument list. (Do not add, remove or modify existed argument).

Export (Add, Delete, Replace):

objectToExport (in argument) - the object that in being exported. exportResult (out argument) – the result of export operation. The value for this argument is

created using CreateCSEntryChangeResult Activity. schemaType (in argument) – the current object schema type. Please not that this schema might

be not exactly the same as you defined it – it may miss some arguments if they were not selected in FIM MA Wizard UI while configuring connector.

additionalParameters (in argument) – the collection of ConfigParameters you create in AdditionalParameters Workflow is passed.

Import (Full, Delta)

customData (in argument) – the dictionary that you can use to store your custom data.This data is persisted and shared between import operations of all object types.Default implementation of Full Import workflow stores the date time of last full import run.You can use this value to implement Delta import.The key for last full import date time is :schemaType.Name + "_lastImportTime"The value is stored in format of :DateTimeOffset.UtcNow.Ticks.ToString()

schemaType (in argument) – the current object schema type. Please not that this schema might be not exactly the same as you defined it – it may miss some arguments if they were not selected in FIM MA Wizard UI while configuring connector.

importedEntries (in argument) – the list of imported object this WF should fill. The CSEntryChange object is created using CreatCSEntryChange Activity and should be added to this list.

additionalParameters (in argument) – the collection of ConfigParameters you create in AdditionalParameters Workflow is passed.

Set Password Workflow

newPassword (in argument) – the new password that should be set for identity csEntry (in argument) – defines identity for which the new password is being set. passwordOption(in argument) – additional options that this WF should implement (Please refer

to FIM SDK for possible option values). additionalParameters (in argument) – the collection of ConfigParameters you create in

AdditionalParameters Workflow is passed.

Change Password Workflow

newPassword (in argument) – the new password that should be set for identity object. oldPassword (in argument) – the old password of identity object. csEntry (in argument) – defines identity for which the new password is being set. additionalParameters (in argument) – the collection of ConfigParameters you create in

AddinitianalParameters Workflow is passed.

Test Connection Workflow

The purpose of this Workflow is to check Data Source connectivity.Before this Workflow executes, the communication object has been configured with the parameter values you provide in FIM MA wizard. You can validate the connectivity to Data Source using WebServiceCall Activity and assign result to “result” argument.

result (out argument) – test connection result.

Web Service Configuration Tool UIThe Web Service Configuration Tool User Interface enables you to configure different tasks that are performed when invoked by Web Service Connector in Forefront Identity Manager (FIM) 2010.

1. Main MenuThe menu bar consists of two menus, File and Help.

Menu Description

File Using file menu you can create/open a new/old project, save it at desired location and Exit the configuration tool.

Note:To be visible for FIM Synchronization Service Manger the project must be saved at the below location (default):%FIM_INSTALL_DIR\2010\Synchronization Service\Extensions

Help Using help, you can learn to use the Web Service configuration tool.

The menu, View Help F1, directs you to the user education documentation published on Microsoft Technet.

In addition, you can Create/Open/Save a project from the shortcuts available on the tool bar.

2. Left Pane TreeThis section describes all the elements that constitute a Web Service project.

The major components that constitute a project are:

Discovered Services The discovery is the process of accessing a Web

service through a WSDL (Web Services Description Language) and retrieve its services, endpoints and operations it provides.

Connector Space Schema Definition The object types and their attributes help to define

the connector space schema. For each object type, you can configure different

workflows which will implement specific operation to be performed by FIM. See, Workflows in Web Service Configuration Tool.

Test connection is a global, object type independent workflow to provide user ability to verify connection during web service connector configuration.

3. Right pane view:Every node in a left pane has corresponding view in the right pane. This area allows you to discover / create the data and configure the workflows for different operations.

Discovery

In case of a new project, the configuration tool shows blank discovery pane where you can Add, Edit or Remove the discovery.

In case of default project, this area will show the list discovered services.

Service:

This area for service shows the list of endpoints held.

Endpoint:

This screen lists the operations that are declared under the endpoint.

Operation

This screen lists the arguments that are declared for the operation. These arguments are then defined when the operation is used in configuring the workflows.

Objects Types

In case of new project this pane is blank and allows you to Add, Edit or Remove the Object types.

While in case of object types that are already created and defined, the right pane lists the schema object types and enables you to Add, Edit or Remove the Object types.

Object Type:

The right pane corresponding to object type allows you to maintain the attributes and their properties for the selected object type. It displays the list of attributes that have been defined for the selected Object Type.

4. Workflow DesignerWorkflow Designer Re-Hosting is to provide a fully customized design experience for users. The workflow designer opens the work area to configure the workflow as per requirement. For every object type (new /existing), the configuration tool provides the nodes for workflows that are supported by the tool. The workflow is divided in to following major sections:

Nodes in left pane: These help you to select which you want to design which workflow. Central Workflow Designer: Here you can drop the activities for configuring the workflows. Toolbox: Packages all the tools including system and custom activities and predefined

statements to design the workflow. For more details on system toolbox, see Toolbox.

Toolbox Sections DescriptionThis section refers to the header of Toolbox. One tab accesses toolbox and the other properties of the selected individual workflow activity.

This category shows the Import workflow specific activities. They are custom created to use for configuring Import workflow.

This category shows the Export workflow specific activities. They are custom created to use for configuring Export workflow.

The activities under category Common are also custom created activities and can be used to configure any desired workflow.

The activities under category Debug are used for debugging. They are system activities already defined in Workflow 4 and allow you to enable issue tracking for a workflow.

The activities under category Statements are also system workflow activities and are already defined in Workflow 4. For more details about using these activities, see Using Activity Designers.

Properties: The properties tab displays the properties of a particular workflow activity that is dropped in the designer area and selected. The figure on the left shows the properties of Assign activity. For every activity, the properties will differ and are used while configuring the custom workflow. This tab allows you to define the attributes of the selected tool that has been dropped into the central workflow designer. For more details, see Properties.

Task Bar: The task bar includes three elements; Variables, Arguments and Imports used together with workflow activities. For more details on these, see A Developer's Introduction to Windows Workflow Foundation (WF) in .NET 4.

Note:

1. The Red circle with exclamation mark [ ] beside any activity in central designer implies that the operation dropped is not defined correctly and completely. Hover over the red circle to find out the exact error. Once the activity is defined correctly, the red circle changes to yellow information mark automatically.

2. The Yellow triangle information mark [ ] beside any activity in central designer implies that the activity is defined but there is more that you can do to complete the activity. Hover cursor over the yellow triangle to see more information.