Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

Apache Syncope: an Apache Camel Integration Proposal

1,553 views

Published on

Apache Syncope is a great solution for Identity Management. In this month I analyzed some use cases that led me to reflect about the flexibility of provisioning process to adapt to various (and sometimes very cumbersome) deployment scenarios.

The questions is: How well Syncope orchestrates the provisioning? The problem is that Syncope lacks of a provisioning manager: this component could allow an easy and fully customizable definition of provisioning control logic.

My proposal consists in a redefinition of the (user and role) controller concept, through the Apache Camel framework. Why this framework? I think that Camel fits the need of easy control logic definition. Moreover Camel supports a wide range of external components: it means that it can be easily integrated with existing frameworks, like Activiti.

  • Be the first to comment

Apache Syncope: an Apache Camel Integration Proposal

  1. 1. APACHE SYNCOPE: An Apache Camel Integration Proposal Viale D'Annunzio, 267 - 65127 Pescara Partita IVA 01974100685 N. REA 143460 Tel +39 0859116307 / FAX +39 0859111173 http://www.tirasa.net info@tirasa.net
  2. 2. Apache Syncope: UserCreation Use Case When user is created, Syncope works in this way: 1. Create user internally → start work-flow engine 2. Propagate to external resources This use case is useful the most of times, but not ever..
  3. 3. Apache Syncope: Problematic Use Case What if we need to implement this use case ? 1. Create User on Active Directory (Primary Resource) 2. If step 1 is OK ✓ → create also internally ✓→ Otherwise X propagate to other external resources → throw a general error
  4. 4. Apache Syncope: Problematic Use Case Solution Generally, to solve the previous case, we do this: 1. Override UserController#create() method 2. Embed the desired fixed logic … isn't there a better way to do this?
  5. 5. Apache Syncope: Possible Solution We need a way that allows: 1. Easy configuration of IDM control strategies 2. Easy integration with existing component Possible Solution ? CONTROLLER REDEFINITION with
  6. 6. Apache Camel.. What is? Apache Camel™ is “a versatile open-source integration framework based on known Enterprise Integration Patterns” “Camel empowers you to define routing and mediation rules in a variety of domain-specific languages ”
  7. 7. Apache Camel: Concepts Camel is Message-oriented → Concept of Message Communication in Camel takes places via Message Message is included in Exchange
  8. 8. Apache Camel: Endpoint Endpoint defines the communication port of an application. ENDPOINT Each component is identified by unique URI
  9. 9. Apache Camel: Route A Route defines strategies for message manipulation.
  10. 10. Apache Camel: Route Definition Apache camel provides different methods to express routes: these are simply called DSL. Java DSL Spring XML DSL from("direct:a") .choice() .when(header("foo").isEqualTo("bar")) .to("direct:b") .when(header("foo").isEqualTo("cheese")) .to("direct:c") .otherwise() .to("direct:d"); <routeContext id="myCoolRoutes" xmlns="http://camel.apache.org/schema/spring"> <!-- we can have a route --> <route id="cool"> <from uri="direct:start"/> <to uri="mock:result"/> </route> <!-- and another route, you can have as many you like --> </routeContext> Example of two common DSL
  11. 11. Apache Camel.. Why? Camel could represent a valid framework for the controller orchestration.. why? IDM Control Logic ~ Route New component in Syncope → Provisioning Manager Moreover, Camel offers large set of pluggable Components . Example: the Activiti Component.
  12. 12. Provisioning Manager: Benefits ✔ Provisioning Manager embeds Ruote Definition ✔ Routes can be easily added at Runtime. ✔ Complex Behaviour Definition (i.e. rollback). ✔ Versioning of Routing Strategies
  13. 13. Apache Camel.. How? The Provisioning Manager aims to redefine the controller business logic.
  14. 14. Syncope Architecture As Is
  15. 15. Syncope Architecture with Provisioning Manager
  16. 16. Apache Camel Integration Proposal Transfer IDM control logic into the Provisioning Manager LOGIC
  17. 17. Provisioning Manager: Example Provisioning Manager: how first use case can be modeled Provisioning Manager UserTo . . from("vm:camel-create") //we can do some check here .to("activiti:camelProcess:Create”); . . from(activiti:camelProcess:Created). bean(PropagationBean, “propagateToExtResource”). //continue with other operation Process definition . . <receiveTask id="Create" .. /> . . <serviceTask id="Created" .. />
  18. 18. Provisioning Manager: Example How the problematic use case can be modelled UserTo Provisioning Manager . from("vm:camel-create") //we can do some check here .bean(PropagationBean, “propagateOnActiveDirectory”) .on(PropagationException.class).to(“log:error”) //otherwise, if step1 OK → activiti .to("activiti:camelProcess:Create”); . . from(activiti:camelProcess:Created). bean(PropagationBean, “propagateToExtResource”). //continue with other operation Process definition . . <receiveTask id="Create" .. /> . . <serviceTask id="Created" .. />
  19. 19. Provisioning Manager: Interaction ec t e D ir User Controller ctiv OnA gate ropa P t esul onR gati ropa P UserTo Provisioning Manager ory Activiti : Create Propagate To Other Resource
  20. 20. Apache Camel: Existing Component What about previous components? We have to adapt them to messages! UserController . . template.send("vm:camel-create",user_exchange); . . WorkflowResult created = consumer.receiveBody("vm:controller-port"); UserTo
  21. 21. Replace Activiti with Apache Camel ? Camel seems to behave like a workflow engine: can we replace Activiti? NO!
  22. 22. Apache Camel Integration Proposal WHAT DO YOU THINK ABOUT THIS PROPOSAL ? Join the discussion on dev@syncope.apache.org

×