Preface
The goal of this book, CA Identity Manager Custom Connectors Guide, is to help you understand
the custom connector concept faster. You will learn how to develop and deploy a custom connector,
step by step.
My CA Identity Manager (formerly CA IdentityMinder) Programming series consists of three books:
CA Identity Manager Volume I: Java Developer's Guide, for the beginning level.
CA Identity Manager Volume II: Learn by Example Code, for the advanced level.
CA Identity Manager: Custom Connectors Guide, for the custom connector developer.
Please visit the books' web site, http://www.CaIdentityManagerBook.com, for more details.
About This Book
This book contains:
How to develop connector.xml, metadata.xml and Java code.
Understanding the connector's objects and structure concept.
How to deploy connectors:
o Version 12.5
o Version 12.6
How to generate user console account screens.
Example code: basic custom connector
Example code: generate user console account screens
Who This Book Is For
This book is intended for custom connector developers who have some Java programming
experience.



Convention
The following text conventions are used in this document:
Convention    Meaning
Boldface      Boldface type indicates book titles
Italic        Italic type indicates emphasis, or placeholder variables
monospace     Monospace type indicates language and syntax elements

Customer Support

Feedback from our readers is always welcome. Let us know what you think about this book.
Please visit the web site for more details:
The web site for the books: http://www.caidentitymanagerbook.com
Blog and updated contents: http://caidentitymanager.blogspot.com
To send us general feedback or any questions, simply send an e-mail. Please find my e-mail
address on the web site.
Download Source Code
Please visit our web site: http://www.caidentitymanagerbook.com
Trademarks
CA IdentityMinder, CA Identity Manager, CA Single Sign On and SiteMinder are registered
trademarks of CA Technologies.



Please accept my apologies:
DELAY: I expected to release this book in September 2013, but I was delayed by almost one year.
GRAMMAR: Please accept my apology for grammar mistakes. The reviewing process may require up
to 3 months. Hopefully, my next release will fix this issue.
SUPPORT: I am a full-time programmer. I may not respond to your email immediately. Please allow
24 hours for a response. My time zone is New York EST.
I apologize for all mistakes. I will fix them by adding bonus chapters & video demos. Please visit my blog.
Hopefully, my second edition will be better and fix all these issues.

Regards,
Kosakarika

About Author
I am a Java developer and live in New York.
Experience:
Front End: ExtJS, JQuery, Content Management (WebSphere Portal), and Portlet
(WebSphere/Weblogic/SUN Portal)
SOA: Rule JBoss Drools/Guvnor, ESB (ServiceMix/Camel) and BPEL (WebSphere Process Server)
IDM and SSO: CA IdentityMinder, CA SiteMinder, and SUN Access Manager.
Implemented multi-threaded, high-transaction, real-time brokerage projects.
Certification:
Sun Certified Java Programmer 1.2
Sun Certified Business Component Developer 1.3
IBM Certified Developer - IBM WebSphere Portal Developer V6.1
IBM Certified Developer - Web Services Development for WebSphere V6.1
IBM System Administrator - WebSphere Application Server V6.1
IBM Enterprise Developer - IBM WebSphere Studio V5.0




Copyright 2014 A. Kosakarika

All rights reserved. No part of this book may be reproduced, stored in a retrieval system, or transmitted
in any form or by any means, without the prior written permission of the author, except in the case of
brief quotations embedded in critical articles or reviews.
Every effort has been made in the preparation of this book to ensure the accuracy of the information
presented. However, the information contained in this book is sold without warranty, either express or
implied. The author will be held liable for any damages caused or alleged to be caused directly or
indirectly by this book.
The author has endeavored to provide trademark information about all of the companies and products
mentioned in this book by the appropriate use of capitals. However, the author cannot guarantee the
accuracy of this information.

First published: September 2014


Chapter 1 Connector Concept
The official CA Identity Manager documentation provides extensive custom connector details. It takes
time to understand or explain the whole thing. The goal of this book is to help you understand how to
develop a custom connector faster.
Technical Terms
To avoid confusion, we define some terms:
User means user information maintained by the CA Identity Manager Server. A User is stored in the CA
Identity Manager User Store.
Global User means user information maintained by the Provisioning Server. It is stored in the
Provisioning Directory.
Account means user information in an Endpoint, for example an account in Active Directory.
Endpoint is the destination of user information after provisioning.
Custom Connector means a connector implemented by programming.
1.1 Connector Concept
A connector is the software that enables communication between the connector server and an
endpoint. Each connector can perform the following operations on managed objects on the endpoint:
add, modify, delete, rename, search, etc.
An endpoint is a platform or application that holds identity and role data. An endpoint can be
Active Directory, a database, an operating system, an application, etc.
There are 3 types of connector:
Embedded connectors, or connectors downloaded from the CA web site. CA provides connectors for
popular endpoints such as Active Directory, DB2, SAP, etc. Please see the official documents:
the Connector Guide and the Connector download page.
Connectors created by Connector Xpress. Connector Xpress is a utility for creating a connector without
programming. Connector Xpress supports only database or directory endpoint types. Please check
the platform support matrix document.
Custom connectors, or programmed connectors, are the main topic of this book. When neither a downloaded
connector nor Connector Xpress supports your endpoint, you have to write your own
custom connector, for example one that calls web services to add or remove an account on the endpoint.


Connector Server
The connector server is used by CA Identity Manager (and the provisioning server) to connect to the
endpoints through a connector. There are 2 types of connector servers:
CA IAM CS, or Java connector server, manages the Java connectors and the dynamic connectors
that were created with Connector Xpress.
CCS, or C++ connector server, manages all of the C++ connectors.

Figure 1-1 shows that the connector server sits between the provisioning servers and the connector/endpoint.
1.2 How to implement a custom connector
In this chapter, we give the big picture of custom connector implementation. Custom
connector coding requires 3 parts:
1. connector.xml. We start from this file because it links to the other parts.
2. The metadata XML file, which describes the object model. The connector requires related objects, for
example account, group, policy, etc. We have to define their properties in this file.
3. Java code is the logic implementation. The connector can add, remove, modify and search. The
java code
When you finish the code, you have to deploy your connector to the connector server. We will go into
the details step by step in the code examples.

1.3 Connector.xml or Configuration file
We start development with the connector XML file. This file is the main part: it holds the given name and
links to the metadata file and the Java class. This file is a Spring configuration of the bean
com.ca.jcs.ImplBundle. There are some important property elements:
<property name="connectorTypeName">: the value of this property must match exactly the
namespace attribute in the metadata XML file.
<property name="name">: the value of this property must match exactly the property
implementationBundle in the metadata XML file.
<property name="staticMetadataFile">: specifies the location of the metadata file.
<property name="connectorClass">: specifies the Java class that implements the connector logic.

Figure 1-2 shows the content of our example connector.xml.
There are a lot of details in connector.xml. When starting development, you should skip the convertor
and validator in <property name="defaultConnectorConfig">. You can add the convertor and validator after
your basic function works.
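
The two "must match exactly" rules above can be checked before a connector is deployed. The following is an added example, not code from the book or from CA: both XML documents are constructed samples, the metadata layout is a simplified stand-in that models only the namespace attribute and the implementationBundle property, and the bean id, class and path values are placeholders.

```python
import xml.etree.ElementTree as ET

# Constructed sample; the four properties are assumed to be direct children of the bean.
CONNECTOR_XML = """<beans xmlns="http://www.springframework.org/schema/beans">
  <bean id="exampleBundle" class="com.ca.jcs.ImplBundle">
    <property name="name" value="Example Connector"/>
    <property name="connectorTypeName"><value>Example CRM</value></property>
    <property name="staticMetadataFile" value="/example/example_metadata.xml"/>
    <property name="connectorClass" value="example.connector.ExampleConnector"/>
  </bean>
</beans>"""

# Assumed, simplified metadata layout: only the two linked items are modelled.
METADATA_XML = """<metadata namespace="Example CRM">
  <property name="implementationBundle" value="Example Connector"/>
</metadata>"""

REQUIRED = ("name", "connectorTypeName", "staticMetadataFile", "connectorClass")

def local(tag):
    """Strip any '{namespace}' prefix from an ElementTree tag."""
    return tag.rsplit("}", 1)[-1]

def properties(parent):
    """Map direct <property> children to their value (attribute or <value> child)."""
    found = {}
    for el in parent:
        if local(el.tag) != "property":
            continue
        value = el.get("value")
        if value is None:
            value = next((c.text or "" for c in el if local(c.tag) == "value"), "").strip()
        found[el.get("name")] = value
    return found

def check_bundle(connector_xml, metadata_xml):
    """Return a list of problems; an empty list means the two files agree."""
    beans = [b for b in ET.fromstring(connector_xml).iter()
             if local(b.tag) == "bean" and b.get("class") == "com.ca.jcs.ImplBundle"]
    if len(beans) != 1:
        return ["expected exactly one com.ca.jcs.ImplBundle bean, found %d" % len(beans)]
    cfg = properties(beans[0])
    problems = ["missing or empty property: " + p for p in REQUIRED if not cfg.get(p)]
    meta_root = ET.fromstring(metadata_xml)
    # Both comparisons are exact, case-sensitive string matches.
    if cfg.get("connectorTypeName") != meta_root.get("namespace"):
        problems.append("connectorTypeName does not match metadata namespace")
    if cfg.get("name") != properties(meta_root).get("implementationBundle"):
        problems.append("name does not match metadata implementationBundle")
    return problems
```

Calling check_bundle(CONNECTOR_XML, METADATA_XML) on the samples returns an empty list; a difference in case or spelling between the two files is reported as a mismatch.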


1.4 Understanding the connector's objects and structure
Metadata is the most complicated part of a custom connector. So before we go into the details of
metadata.xml, you need to understand the connector's objects and structure.
As we have mentioned, there are 3 types of connector: downloaded connectors, connectors
created by Connector Xpress, and custom connectors. Use an LDAP explorer or LDAP client
to connect to the provisioning directory, and explore any connector under the path dc = im, dc = eta. You will see
the structure shown in the picture below.

Figure 1-3 shows the basic connector objects and structure inside the provisioning directory.
Please note, the picture shows the simple connector structure (that of a connector created by
Connector Xpress). Some connectors, such as Active Directory, have a hierarchy.
On the left side of the picture, we can see the related objects and how the CA provisioning server organizes
these objects:


Endpoint Type is the top level of a connector. It contains the Endpoint and the Policy Container.
Endpoint is a container. It contains the account and role/group containers. (This endpoint is the
same endpoint as in CA Identity Manager; for example, you can have 2 endpoints under
the endpoint type ActiveDirectory.)
o Account Container is a container. It contains accounts.
o Accounts represent the accounts in the endpoint.
Group or Role Container is a container. It contains groups.
o Groups or roles represent the groups or roles in the endpoint. (Some connectors may
not have groups or roles.)
Policy Container is a container. It contains policies.
o Policy represents an account template.
The right side of the picture above is an example of the Endpoint Type CRM, which was created by Connector
Xpress. CRM (endpoint type) contains ForwardIncCRM (endpoint) and DYN Policies (policy container).
ForwardIncCRM (endpoint) contains Accounts (account container) and Roles Container (role container).
DYN Policies (policy container) contains 2 policies: DefaultPolicy and ForwardIncCRM.
Please note, Connector Xpress connectors and custom connectors keep their policies under the policy
container as we describe. Downloaded connectors keep their policies under
eTNamespaceName=CommonObjects. For example, the Active Directory endpoint type keeps its policies under
eTADSPolicyContainerName = Active Directory Policies, eTNamespaceName = CommonObjects, dc = im,
dc = eta.



[END OF SAMPLE]
