To create a data source, perform the following steps:
On the Home page, click Identity Servers > IDP Global Settings > Data Sources.
Click Plus to add a data source.
Select one of the following data sources:
Database: Continue with Step 5.
Supported databases are Oracle and Microsoft SQL Server.
LDAP: Continue with Step 6.
eDirectory and Active Directory are supported. You can create multiple search contexts and LDAP replicas.
REST Web Service: Continue with Step 4.
A REST web service data source contains only the common information required by all of its endpoints, such as the base URL, the trusted root, and the authentication settings. If you need to retrieve attributes through REST API calls to an external REST web service, you must add a REST web service data source.
(For Database) Specify the following details:
| Field | Description |
|---|---|
| Database Name | Specify the name of the database. |
| Database Driver | Select a driver from the list. The associated driver name is auto-populated. If you select Others (Unsupported), specify the driver name. |
| Max Connections | Specify the maximum number of connections. The default value is 20. |
| Idle Timeout | Specify the idle timeout. The default value is 600000 milliseconds. Set this value based on the server setting. For example, if the server timeout value is 600000, the idle timeout value must not exceed 600000. |
| Connection Timeout | Specify the connection timeout. The default value is 10000 milliseconds. Set this value based on the server setting. |
| Username | Specify the username used to read from the database. |
| Password | Specify the password used to read from the database. |
| Confirm Password | Specify the password again. |
| URL | Specify the database URL in the format required by the selected database driver. |
Based on the database type, you must add the corresponding JDBC driver jar files.
For Oracle:
Download the JDBC connector for the Oracle database from Oracle.com.
Copy the JDBC connector jar file to the following folders:
Administration Console: /opt/novell/nam/adminconsole/webapps/nps/WEB-INF/lib
Identity Server: /opt/novell/nam/idp/webapps/nidp/WEB-INF/lib
Restart Administration Console and Identity Server.
For Microsoft SQL Server:
Download the JDBC connector for the SQL Server database from Microsoft.
Copy the JDBC connector jar file to the following folders:
Administration Console: /opt/novell/nam/adminconsole/webapps/nps/WEB-INF/lib
Identity Server: /opt/novell/nam/idp/webapps/nidp/WEB-INF/lib
Restart Administration Console and Identity Server.
(For LDAP) Specify the following details:
Specify LDAP Connection Properties:
| Field | Description |
|---|---|
| LDAP Name | Specify a display name for the LDAP database. |
| Directory Type | Select the type of directory. If you select Others (Unsupported), specify a directory name in the adjacent field: sunonedir, custom1, custom2, custom3, custom4, others. |
| Username | Specify the username used to read from the database. |
| Password | Specify the password used to read from the database. |
| Confirm Password | Specify the password again. |
| LDAP Operation TimeOut | Specify the LDAP operation timeout. The default value is 15000 milliseconds. Set this value based on the server setting. |
| Idle Connection TimeOut | Specify the idle connection timeout. The default value is 10000 milliseconds. Set this value based on the server setting. For example, if the server timeout is 15000 milliseconds, the LDAP timeout value must not exceed 15000. |
Under Search Contexts, specify the required number of search contexts.
Specify the search context used to locate users in the directory.
In Scope, select the scope: One level, Object, or Subtree.
If a user exists outside the specified search context and its scope (One level, Object, or Subtree), Identity Server cannot find the user and the search fails.
Click Add to add the search context.
Under Server Replicas, specify the required number of LDAP replicas.
Click Add.
Specify the following details to add an LDAP replica:
| Field | Description |
|---|---|
| Name | Specify a name that represents the LDAP replica. |
| IP Address/DNS Name | Specify the IP address or DNS name of the LDAP directory server. |
| Port | Specify the port number. By default, it is 389. For a secure connection, select Use Secure LDAP Connection; the port number changes to 636. If you select a secure connection, you must import the trusted root: click Auto Import Trusted Root, and the server's trusted certificate is imported into the Identity Server trust store. Update Identity Server each time you do this. |
| Connection Limit | Specify the maximum number of connections. By default, it is set to 20. |
Click Done.
(For REST Web Services) Specify the following details:
| Field | Description |
|---|---|
| Web Service Name | Specify a display name for the web service. This can be any alphanumeric name. |
| Description | (Optional) Specify a description for the web service. |
| Base URL | Specify the base URL in the <protocol>://<host>:<port> format, for example http://172.16.0.0:80. The protocol can be HTTP or HTTPS. This is a common URL shared by all endpoints that use the same host and port; a common URL is used because the authentication and data connection properties are the same for all endpoints. For example, you can use www.abc.com/rest as the base URL if you want to retrieve user attributes from the following REST endpoints. You can then add getUserDepartmentInfo and getUserInfo in Resource/API Path on the attribute source page. The attribute source page is used for retrieving attributes that are specific to each web service endpoint. |
| Trusted Root | Select one of the following options: |
| Connection Timeout | Specify, in milliseconds, how long Access Manager keeps trying to connect to the REST web server. The default value is 15000 milliseconds. If the host is not reachable, clicking Test returns a timeout error after the specified duration. |
| Authentication Properties | Select the type of authentication required for connecting to the web service. If you select Basic Auth, an Authorization header containing the specified username and password is added automatically to the request that retrieves data from a REST endpoint, so the Authorization header appears under the request header on the attribute source page. |
| Credentials | This field is displayed only when you select Basic Auth as the Authentication Type. Select one of the following options. Admin: Specify the username and password for accessing the REST endpoints. Select this option if the REST web server requires one common credential for all endpoints. Custom: Specify the LDAP attribute of users that holds the credentials for accessing the REST endpoints. Select this option if access to the REST web server endpoints requires user-specific credentials. You must specify the credentials that authorize a user to retrieve information from the REST web server. |
After specifying the details, click Test under Test Connectivity to test the data source connection.
You can also view the error logs at the following location:
/opt/novell/nam/adminconsole/logs/catalina.out
NOTE: For a REST web service, clicking Test checks the connection to the web service irrespective of the endpoint's resource path and credentials. It checks the connection based on the IP address and port only.