1) Creating a Schema attribute
The first thing we will do is add a simple attribute for all users that will exist in Syncope. Launch Apache Syncope as per tutorial I. Click on the "Schema" tab, and then "Create New Attribute" in the Users/Normal subsection. Create a new attribute called "surname" of type "String" and mark it "mandatory", so that every user in our Syncope application must have a "surname". The schema allows you to do far more complex and interesting things, but this will suffice for the purposes of this tutorial.
2) Apache Derby
The basic scenario is that we have a SQL database that stores user information that we would like to import into Apache Syncope, to integrate into a BPEL workflow, expose via a RESTful interface, associate with roles, etc. For the purposes of this tutorial, we will work with Apache Derby. The first step is to download and launch Apache Derby, and then to populate it with a table with some user data. Hat tip to my Apache CXF colleague Glen Mazza for an excellent tutorial on setting up Apache Derby.
a) Launch Apache Derby
Download Apache Derby and extract it into a new directory ($DERBY_HOME). Create a directory to use to store Apache Derby databases ($DERBY_DATA). In $DERBY_DATA, create a file called 'derby.properties' with the content:
derby.connection.requireAuthentication=true
derby.user.admin=security
In other words, authentication is required, and a valid user is "admin" with password "security" (stored in clear text in this file). Now launch Apache Derby in network mode via:
java -Dderby.system.home=$DERBY_DATA/ -jar $DERBY_HOME/lib/derbyrun.jar server start
b) Create user data
Create a new file called 'create-users.sql' with the following content:
SET SCHEMA APP;
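-- On the first run this DROP fails because the table does not exist yet; ij reports the error and continues.
DROP TABLE USERS;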
CREATE TABLE USERS (
NAME VARCHAR(20) NOT NULL PRIMARY KEY,
PASSWORD VARCHAR(20) NOT NULL,
STATUS VARCHAR(20) NOT NULL,
SURNAME VARCHAR(20) NOT NULL
);
INSERT INTO USERS VALUES('dave', 'password', 'true', 'yellow');
INSERT INTO USERS VALUES('harry', 'password', 'true', 'blue');
Launch Apache Derby via $DERBY_HOME/bin/ij. Then connect to the server via:
connect 'jdbc:derby://localhost:1527/SYNCOPE;create=true;user=admin;password=security;';
Populate user data via: run 'create-users.sql';
You can now see the user data via: select * from users;
3) Synchronize user data into Apache Syncope
The next task is to import (synchronize) the user data from Apache Derby into Apache Syncope. See the Syncope wiki for more information on this topic.
a) Define a Connector
The first thing to do is to define a Connector. In tutorial I we configured two Connector bundles to use for Syncope, one for a DB backend, and one for an LDAP backend. In this section we select the DB Connector, and configure it to connect to the Derby instance we have set up above. Go to "Resources/Connectors", and create a new Connector of name "org.connid.bundles.db.table". In the "Configuration" tab select:
- User: admin
- User Password: security
- Table: app.users
- Key Column: name
- Password Column: password
- Status Column: status
- JDBC Driver: org.apache.derby.jdbc.ClientDriver
- JDBC Connection URL: jdbc:derby://localhost:1527/SYNCOPE
- Enable 'Retrieve Password'
- ONE_PHASE_CREATE
- ONE_PHASE_UPDATE
- ONE_PHASE_DELETE
- SEARCH
- SYNC
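The Connector above logs in to Derby as "admin", the account that created the SYNCOPE database. The following ij script is an added example, not part of the original tutorial: it gives the Connector its own Derby account restricted to row-level operations on APP.USERS. The account name syncope_sync and the password CHANGE_ME are placeholders, and it is an assumption that these four privileges cover the capabilities selected above.

```sql
-- Added example for Derby's ij tool; not part of the original tutorial.
-- Assumption: derby.properties in $DERBY_DATA also contains this line
-- (hypothetical account name, placeholder password):
--   derby.user.syncope_sync=CHANGE_ME

-- 1) As the database owner (admin created SYNCOPE in step 2b), switch on
--    SQL authorization so that GRANT/REVOKE is enforced. Once set to true
--    this property cannot be switched back off.
connect 'jdbc:derby://localhost:1527/SYNCOPE;user=admin;password=security';
CALL SYSCS_UTIL.SYSCS_SET_DATABASE_PROPERTY('derby.database.sqlAuthorization', 'true');
disconnect;

-- 2) Restart the Derby network server here. The property is static and the
--    new derby.properties user is only read at startup.

-- 3) Grant the connector account only what it needs on the one table it uses.
connect 'jdbc:derby://localhost:1527/SYNCOPE;user=admin;password=security';
GRANT SELECT, INSERT, UPDATE, DELETE ON TABLE APP.USERS TO syncope_sync;
disconnect;

-- 4) Check the result as the restricted account.
connect 'jdbc:derby://localhost:1527/SYNCOPE;user=syncope_sync;password=CHANGE_ME';
-- Allowed: covered by the SELECT grant.
SELECT NAME, STATUS FROM APP.USERS;
-- Rejected: syncope_sync does not own the APP schema, so it cannot create objects in it.
CREATE TABLE APP.PROBE (X INT);
disconnect;
```

With this in place, the Connector's "User" and "User Password" fields would carry the restricted account instead of admin/security.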
Next we need to define a Resource that uses the DB Connector. The Resource essentially defines how we use the Connector to map information from the backend into Syncope Users and Roles. Go into the "Resources" tab and select "Create New Resource". In the "Resource Details" tab select:
- Name: (Select a name)
- Connector: (Connector display name you have configured previously)
- Enforce mandatory condition
- Propagation Primary
- Propagation Mode: ONE_PHASE
- Select "DefaultPropagationActions" for the "Actions class"
Having defined a Connector and a Resource to use that Connector, with mappings to map User information to and from the backend, it's time to import the backend information into Syncope. Go to "Tasks" and select the "Synchronization Tasks" tab. Click on "Create New Task". On the "Profile" tab enter:
- Name: (Select a name)
- Resource Name: (The Resource name you have created above)
- Actions class: DefaultSyncActions
- Create new identities
- Updated matched identities
- Delete matching identities
- Status
- Full reconciliation