Integrating Apache Camel with Apache Syncope · Apache Syncope is an Open Source system for...
Transcript of Integrating Apache Camel with Apache Syncope · Apache Syncope is an Open Source system for...
![Page 1: Integrating Apache Camel with Apache Syncope · Apache Syncope is an Open Source system for managing digital identities in enterprise environments. Top Level Project @ Apache since](https://reader031.fdocuments.in/reader031/viewer/2022021913/5c6aa84d09d3f20c178d054d/html5/thumbnails/1.jpg)
Integrating Apache Camel with Apache Syncope
Dr. Colm Ó hÉigeartaigh, Talend.
![Page 2: Integrating Apache Camel with Apache Syncope · Apache Syncope is an Open Source system for managing digital identities in enterprise environments. Top Level Project @ Apache since](https://reader031.fdocuments.in/reader031/viewer/2022021913/5c6aa84d09d3f20c178d054d/html5/thumbnails/2.jpg)
Speaker Introduction
![Page 3: Integrating Apache Camel with Apache Syncope · Apache Syncope is an Open Source system for managing digital identities in enterprise environments. Top Level Project @ Apache since](https://reader031.fdocuments.in/reader031/viewer/2022021913/5c6aa84d09d3f20c178d054d/html5/thumbnails/3.jpg)
Introducing Apache Syncope
![Page 4: Integrating Apache Camel with Apache Syncope · Apache Syncope is an Open Source system for managing digital identities in enterprise environments. Top Level Project @ Apache since](https://reader031.fdocuments.in/reader031/viewer/2022021913/5c6aa84d09d3f20c178d054d/html5/thumbnails/4.jpg)
● Apache Syncope is an Open Source system for managing digital identities in enterprise environments.
● Top Level Project @ Apache since 11/2012.
● Currently 20 committers and 11 PMC members.
● Latest release: 2.0.1 “Jazz”.
Apache Syncope basics
![Page 5: Integrating Apache Camel with Apache Syncope · Apache Syncope is an Open Source system for managing digital identities in enterprise environments. Top Level Project @ Apache since](https://reader031.fdocuments.in/reader031/viewer/2022021913/5c6aa84d09d3f20c178d054d/html5/thumbnails/5.jpg)
Architecture
![Page 6: Integrating Apache Camel with Apache Syncope · Apache Syncope is an Open Source system for managing digital identities in enterprise environments. Top Level Project @ Apache since](https://reader031.fdocuments.in/reader031/viewer/2022021913/5c6aa84d09d3f20c178d054d/html5/thumbnails/6.jpg)
Deployment Options
![Page 7: Integrating Apache Camel with Apache Syncope · Apache Syncope is an Open Source system for managing digital identities in enterprise environments. Top Level Project @ Apache since](https://reader031.fdocuments.in/reader031/viewer/2022021913/5c6aa84d09d3f20c178d054d/html5/thumbnails/7.jpg)
Persistence
![Page 8: Integrating Apache Camel with Apache Syncope · Apache Syncope is an Open Source system for managing digital identities in enterprise environments. Top Level Project @ Apache since](https://reader031.fdocuments.in/reader031/viewer/2022021913/5c6aa84d09d3f20c178d054d/html5/thumbnails/8.jpg)
Connectors
![Page 9: Integrating Apache Camel with Apache Syncope · Apache Syncope is an Open Source system for managing digital identities in enterprise environments. Top Level Project @ Apache since](https://reader031.fdocuments.in/reader031/viewer/2022021913/5c6aa84d09d3f20c178d054d/html5/thumbnails/9.jpg)
● Maven archetype
● Standalone● .deb files ● UI installer
Installation Options
![Page 10: Integrating Apache Camel with Apache Syncope · Apache Syncope is an Open Source system for managing digital identities in enterprise environments. Top Level Project @ Apache since](https://reader031.fdocuments.in/reader031/viewer/2022021913/5c6aa84d09d3f20c178d054d/html5/thumbnails/10.jpg)
● Apache Syncope features a rich REST API based on Apache CXF, e.g– List users (JSON):
/syncope/rest/users– Get authenticated user:
/syncope/rest/users/self– List groups (JSON):
/syncope/rest/groups
REST API
![Page 11: Integrating Apache Camel with Apache Syncope · Apache Syncope is an Open Source system for managing digital identities in enterprise environments. Top Level Project @ Apache since](https://reader031.fdocuments.in/reader031/viewer/2022021913/5c6aa84d09d3f20c178d054d/html5/thumbnails/11.jpg)
● The REST API supports search via FIQL, e.g.– Get the user called “verdi”:
syncope/rest/users?fiql=username==verdi
– See which users were created since January 01 2016: syncope/rest/users?fiql=creationDate=ge=2016-01-01
REST API search
![Page 12: Integrating Apache Camel with Apache Syncope · Apache Syncope is an Open Source system for managing digital identities in enterprise environments. Top Level Project @ Apache since](https://reader031.fdocuments.in/reader031/viewer/2022021913/5c6aa84d09d3f20c178d054d/html5/thumbnails/12.jpg)
● A powerful Java client library is also available.
Java Client Library
![Page 13: Integrating Apache Camel with Apache Syncope · Apache Syncope is an Open Source system for managing digital identities in enterprise environments. Top Level Project @ Apache since](https://reader031.fdocuments.in/reader031/viewer/2022021913/5c6aa84d09d3f20c178d054d/html5/thumbnails/13.jpg)
● Apache Syncope leverages Apache CXF to generate both WADL and SWAGGER documents
● WADL is accessible via the URI "/syncope/rest/?_wadl".
● Swagger documentation is also available via Swagger UI: “/syncope/swagger/”
REST API documentation
![Page 14: Integrating Apache Camel with Apache Syncope · Apache Syncope is an Open Source system for managing digital identities in enterprise environments. Top Level Project @ Apache since](https://reader031.fdocuments.in/reader031/viewer/2022021913/5c6aa84d09d3f20c178d054d/html5/thumbnails/14.jpg)
● Multi-tenancy support via “Domains”.
● New Console Layout● Support for “Internet of Things”● Support for “Realms”.● End-user UI.● Improved documentation.● Apache Camel provisioning engine
New Features in Syncope 2.0.0
![Page 15: Integrating Apache Camel with Apache Syncope · Apache Syncope is an Open Source system for managing digital identities in enterprise environments. Top Level Project @ Apache since](https://reader031.fdocuments.in/reader031/viewer/2022021913/5c6aa84d09d3f20c178d054d/html5/thumbnails/15.jpg)
The new Apache Camel Provisioning Engine
![Page 16: Integrating Apache Camel with Apache Syncope · Apache Syncope is an Open Source system for managing digital identities in enterprise environments. Top Level Project @ Apache since](https://reader031.fdocuments.in/reader031/viewer/2022021913/5c6aa84d09d3f20c178d054d/html5/thumbnails/16.jpg)
● What if you want to perform some action when something changes in Apache Syncope?
● One option is to poll the REST API of Apache Syncope.
● Let’s look at an example using the Java DSL of Apache Camel to get the “total count” of users in Syncope.
Polling the REST API
![Page 17: Integrating Apache Camel with Apache Syncope · Apache Syncope is an Open Source system for managing digital identities in enterprise environments. Top Level Project @ Apache since](https://reader031.fdocuments.in/reader031/viewer/2022021913/5c6aa84d09d3f20c178d054d/html5/thumbnails/17.jpg)
Polling the REST API
![Page 18: Integrating Apache Camel with Apache Syncope · Apache Syncope is an Open Source system for managing digital identities in enterprise environments. Top Level Project @ Apache since](https://reader031.fdocuments.in/reader031/viewer/2022021913/5c6aa84d09d3f20c178d054d/html5/thumbnails/18.jpg)
● However, there are obvious disadvantages to this approach.– Excessive resource consumption
– Impossible to perform an action immediately on a change in Syncope
– Impossible to make a provisioning change in Syncope dependent on the action that you are performing.
● We need a better approach!
Polling the REST API
![Page 19: Integrating Apache Camel with Apache Syncope · Apache Syncope is an Open Source system for managing digital identities in enterprise environments. Top Level Project @ Apache since](https://reader031.fdocuments.in/reader031/viewer/2022021913/5c6aa84d09d3f20c178d054d/html5/thumbnails/19.jpg)
● A new provisioning manager is available in Apache Syncope 2.0.0 based on Apache Camel.
● Contributed by Giacomo Lamonaco from Tirasa.
● USP of Apache Syncope: We can easily integrate routing rules to any kind of endpoint with identity management!
Camel Provisioning Manager
![Page 20: Integrating Apache Camel with Apache Syncope · Apache Syncope is an Open Source system for managing digital identities in enterprise environments. Top Level Project @ Apache since](https://reader031.fdocuments.in/reader031/viewer/2022021913/5c6aa84d09d3f20c178d054d/html5/thumbnails/20.jpg)
● Natural fit: Open-source integration framework at Apache
● XML (Spring) DSL available● Flexible and easy to use
routing/mediation rules● Supports a huge range of messaging
components● Easy to create custom Camel
components.
Why Apache Camel?
![Page 21: Integrating Apache Camel with Apache Syncope · Apache Syncope is an Open Source system for managing digital identities in enterprise environments. Top Level Project @ Apache since](https://reader031.fdocuments.in/reader031/viewer/2022021913/5c6aa84d09d3f20c178d054d/html5/thumbnails/21.jpg)
● A set of Camel routes are available by default which are invoked when the User, Groups and Any Objects in question are changed in some way.
● This allows the administrator to plug in custom logic on any of these state changes.
● The routes can be viewed and edited in the Admin Console.
Camel Provisioning Manager
![Page 22: Integrating Apache Camel with Apache Syncope · Apache Syncope is an Open Source system for managing digital identities in enterprise environments. Top Level Project @ Apache since](https://reader031.fdocuments.in/reader031/viewer/2022021913/5c6aa84d09d3f20c178d054d/html5/thumbnails/22.jpg)
Create User Route
![Page 23: Integrating Apache Camel with Apache Syncope · Apache Syncope is an Open Source system for managing digital identities in enterprise environments. Top Level Project @ Apache since](https://reader031.fdocuments.in/reader031/viewer/2022021913/5c6aa84d09d3f20c178d054d/html5/thumbnails/23.jpg)
Camel Provisioning Manager
● A new "propagate" Camel component is available in Syncope 2.0.0.
● Example: <to uri="propagate:<propagateType>?anyTypeKind=<anyTypeKind>&options"/>
● PropagateType: create, update, delete, provision, deprovision, status, suspend, confirmPasswordReset.
● AnyTypeKind: USER, GROUP, ANY.
![Page 24: Integrating Apache Camel with Apache Syncope · Apache Syncope is an Open Source system for managing digital identities in enterprise environments. Top Level Project @ Apache since](https://reader031.fdocuments.in/reader031/viewer/2022021913/5c6aa84d09d3f20c178d054d/html5/thumbnails/24.jpg)
Examples
![Page 25: Integrating Apache Camel with Apache Syncope · Apache Syncope is an Open Source system for managing digital identities in enterprise environments. Top Level Project @ Apache since](https://reader031.fdocuments.in/reader031/viewer/2022021913/5c6aa84d09d3f20c178d054d/html5/thumbnails/25.jpg)
Example 1
● Use Case: Send an email to an administrator when a User is created, with some details about the created User in the email.
● We’ll use mailtrap.io as a test email server.
● Extra Jars needed in Syncope: javax.mail, camel-mail
![Page 26: Integrating Apache Camel with Apache Syncope · Apache Syncope is an Open Source system for managing digital identities in enterprise environments. Top Level Project @ Apache since](https://reader031.fdocuments.in/reader031/viewer/2022021913/5c6aa84d09d3f20c178d054d/html5/thumbnails/26.jpg)
New “createUser” route
![Page 27: Integrating Apache Camel with Apache Syncope · Apache Syncope is an Open Source system for managing digital identities in enterprise environments. Top Level Project @ Apache since](https://reader031.fdocuments.in/reader031/viewer/2022021913/5c6aa84d09d3f20c178d054d/html5/thumbnails/27.jpg)
Example 2
● Use Case: Audit when a user changes a password.
● Apache Syncope stores users in internal storage in a table called "SyncopeUser".
● Previous passwords associated with the User are stored in another table (note no Timestamp):
![Page 28: Integrating Apache Camel with Apache Syncope · Apache Syncope is an Open Source system for managing digital identities in enterprise environments. Top Level Project @ Apache since](https://reader031.fdocuments.in/reader031/viewer/2022021913/5c6aa84d09d3f20c178d054d/html5/thumbnails/28.jpg)
Example 2
● The administrator wants a stronger audit trail…
● We’ll edit the Camel route to store the password + Timestamp to a file associated with that user.
● For simplicity we won’t salt + hash the password :-)
● No additional jars required
![Page 29: Integrating Apache Camel with Apache Syncope · Apache Syncope is an Open Source system for managing digital identities in enterprise environments. Top Level Project @ Apache since](https://reader031.fdocuments.in/reader031/viewer/2022021913/5c6aa84d09d3f20c178d054d/html5/thumbnails/29.jpg)
New “updateUser” route
![Page 30: Integrating Apache Camel with Apache Syncope · Apache Syncope is an Open Source system for managing digital identities in enterprise environments. Top Level Project @ Apache since](https://reader031.fdocuments.in/reader031/viewer/2022021913/5c6aa84d09d3f20c178d054d/html5/thumbnails/30.jpg)
Example 3
● Use Case: Gather information about new users and process it dynamically
● Example: Age + location of new users.● Decouple applications from Syncope by
using a message solution (Apache ActiveMQ).
● When new users are created, we will modify the default Camel route to send a message to two queues corresponding to the age and location of the user.
![Page 31: Integrating Apache Camel with Apache Syncope · Apache Syncope is an Open Source system for managing digital identities in enterprise environments. Top Level Project @ Apache since](https://reader031.fdocuments.in/reader031/viewer/2022021913/5c6aa84d09d3f20c178d054d/html5/thumbnails/31.jpg)
Example 3
● We need to copy some jars from Apache ActiveMQ into Syncope.
● Also, add the following to the Tomcat lib directory (called "camelRoutesContext.xml"):
![Page 32: Integrating Apache Camel with Apache Syncope · Apache Syncope is an Open Source system for managing digital identities in enterprise environments. Top Level Project @ Apache since](https://reader031.fdocuments.in/reader031/viewer/2022021913/5c6aa84d09d3f20c178d054d/html5/thumbnails/32.jpg)
New “createUser” route
![Page 33: Integrating Apache Camel with Apache Syncope · Apache Syncope is an Open Source system for managing digital identities in enterprise environments. Top Level Project @ Apache since](https://reader031.fdocuments.in/reader031/viewer/2022021913/5c6aa84d09d3f20c178d054d/html5/thumbnails/33.jpg)
Thank you!
Questions?