
When Identity Manager runs in the cloud, it has no access to internal customer systems such as LDAP, and it cannot be guaranteed that a service in the customer's network can be reached. To provide access to customer systems, the DataSyncProxy is introduced. The DataSyncProxy is a small Spring Boot application that runs on a machine in the customer's network environment. That machine must have access to internal systems like LDAP.

The DataSyncProxy connects to Identity Manager (in the cloud) with a normal HTTP connection, which is held as long as the proxy is running. While the connection is held, Identity Manager (in the cloud) is able to send Server-Sent Events (SSE) to the DataSyncProxy. The DataSyncProxy allows access to a subsystem (search and export) in the same way as with any data source in a non-cloud installation of Identity Manager.

The picture illustrates how the DataSyncProxy is placed in the customer's network.

  • Customer 1 and Customer 2 symbolize networks at two different customers that connect to the Identity Manager cloud service via the gateway.
  • When the user performs a search in Identity Manager, the DataSyncProxy provides a data connection to the user’s subsystem and transfers the search result data to Identity Manager. Subsystems could be LDAP, an external JDBC database, a SCIM data source, etc.
  • The DataSyncProxy also allows the export of data from Identity Manager to the user’s subsystem.

This article is valid from Nexus PRIME 3.11.

How the DataSyncProxy is placed in the customer's network.

 Enable the DataSyncProxy to Identity Manager
  1. In Identity Manager Admin, go to Home > Data pool.
  2. To edit an existing data pool, double-click the data pool name.
  3. In the Data sources tab, select one of the data sources in the Type drop-down list.
  4. Check DataSyncProxy enabled.
  5. Click Save.
 Configure DataSyncProxy in Identity Manager

The Identity Manager file system.properties contains the standard settings for response intervals and timeouts for Identity Manager (executing searches, exporting data, ...) and Identity Manager Admin (testing the connection, getting the SCIM resource types and getting the attribute lists). They can be configured if needed.

Example: Configure DataSyncProxy in system.properties
dataSync.responsePollingIntervalInMs=200
dataSync.responsePollingTimeoutInMs=30000
dataSync.proxyConnectionTimeoutInMs=3600000
 
# When the connection timeout above occurs, Spring logs a message at error level. To disable this, enter the following. (Note: if you want to be sure not to miss any other logs, do not turn this on.)
dataSync.suppressSpringMvcExceptionsWhileTimeout=true
 Configure DataSyncProxy in customer system

In data_sync_proxy.yaml the following can be configured:

Example: Configure data_sync_proxy.yaml
logging.config: ./log4j2.xml # Custom logging configuration
prime:
    urls:  # The urls of the Prime server(s) the proxy should connect to
        - http://localhost:18080/prime_explorer
        - http://localhost:18080/prime_designer
    tenantId: 1 # The tenant ID the proxy is used for
    userName: admin # The user name with which to call the REST service
    password: admin # The password of the user that triggers the REST service
reconnectDelay: 15000 # How often the proxy checks whether the connection is still active (in milliseconds)
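
The sample file above keeps the Identity Manager password in clear text, uses the account admin/admin and points at plain http:// URLs. The following Python check is an added example, not Nexus code, that reports those three conditions in a data_sync_proxy.yaml; the function names, the weak-password list and the assumption that the configured userName/password are sent to the listed URLs (and that HTTPS endpoints are available) are assumptions of this example.

```python
import re

# Constructed sample: the data_sync_proxy.yaml example from this page.
SAMPLE = """\
prime:
    urls:  # The urls of the Prime server(s) the proxy should connect to
        - http://localhost:18080/prime_explorer
    tenantId: 1
    userName: admin
    password: admin # The password of the user which triggers the Rest Service
reconnectDelay: 15000
"""
WEAK_PASSWORDS = {"", "admin", "password", "changeme"}  # assumed, extend locally


def parse(text):
    """Read the flat key/list shape shown on this page (not a full YAML parser)."""
    cfg, items = {}, None
    for raw in text.splitlines():
        line = re.sub(r"\s+#.*$", "", raw).strip()  # drop trailing comments
        if not line or line.startswith("#"):
            continue
        if line.startswith("- ") and items is not None:
            items.append(line[2:].strip())  # entry of the most recent list key
            continue
        key, _, value = line.partition(":")
        items = None if value.strip() else cfg.setdefault(key.strip(), [])
        if value.strip():
            cfg[key.strip()] = value.strip()
    return cfg


def audit(text, file_mode=None):
    """Return findings for settings that expose the Identity Manager credentials."""
    cfg, findings = parse(text), []
    urls = cfg.get("urls", [])
    for url in [urls] if isinstance(urls, str) else urls:
        if not url.lower().startswith("https://"):
            findings.append(f"urls: {url} is plain HTTP")
    user, pw = cfg.get("userName", ""), cfg.get("password", "")
    pw = pw if isinstance(pw, str) else ""  # 'password:' with no value
    if pw.lower() in WEAK_PASSWORDS or pw == user:
        findings.append("password: default, empty or equal to userName")
    if file_mode is not None and file_mode & 0o077:
        findings.append("file: plaintext password readable by group or others")
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE, file_mode=0o644):
        print(finding)
```

To include the permission check on a real file, pass `os.stat(path).st_mode` as `file_mode`.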

