on 05-22-2014 6:43 PM
Hi Experts!
I'm working on a syncronization job between IDM and SAP JAVA. In this job I need to pass the username and the rolename that I want to pass from IDM to the SAP JAVA system. I can get the user and role information from both systems, however I'm a little stuck on passing this information back to SAP JAVA.
From what I can see from the Framework, the pass SetJavaRoleForUser&Group is the one that would do what I need, but I'm not quite seeing how the user information gets passed in. Has anyone done anything like this before? Got any pointers?
Thanks!
Matt
Let me ask this question a different way, what values are supposed to go into SPMLID and assignedvalues attributes? I'd assume this SPML.USER.%MSKEYVALUE% and SPML.SAPROLE.%MSKEYVALUE% to match up with the MSKEYVALUEs of the MX_PERSON and MX_PRIVILEGE. (e.g. SPML.USER.MATTPOLLICOVE / SPML.SAPROLE.SOMEROLE
Am I missing something?
Thanks!
Matt
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Matt,
not sure if this helps, but did this few years ago on 7.0.. What assignedroles and assignedgroups expected were just pipe-delimeted list of AS Java role/group-names. I doubt this has changed since.
Just write a custom script that gets the groups/roles from the link-tables and pass the values forward. You need to replace the IdM-prefix ("PRIV:ROLE/GROUP:[REP_NAME]:") from the privilege name and put "SPML.SAPROLE." (or "SPML.SAPGROUP.") inplace.
regards, Tero
Hi Matt,
Are to trying to sync the role assignment done on SAP Java to the IdM DB? Could you please elaborate on what sync are you doing? Because I had done something of this sort long back. It may help you
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
User | Count |
---|---|
88 | |
10 | |
10 | |
9 | |
7 | |
7 | |
6 | |
5 | |
4 | |
4 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.