Integrating Apache Camel with Apache Syncope Dr. Colm higeartaigh, - - PowerPoint PPT Presentation

integrating apache camel with apache syncope
SMART_READER_LITE
LIVE PREVIEW

Integrating Apache Camel with Apache Syncope Dr. Colm higeartaigh, - - PowerPoint PPT Presentation

Aug 09, 2023 587 likes •937 views

Integrating Apache Camel with Apache Syncope Dr. Colm higeartaigh, Talend. Speaker Introduction Introducing Apache Syncope Apache Syncope basics Apache Syncope is an Open Source system for managing digital identities in enterprise

slide-1
SLIDE 1

Integrating Apache Camel with Apache Syncope

  • Dr. Colm Ó hÉigeartaigh, Talend.
slide-2
SLIDE 2

Speaker Introduction

slide-3
SLIDE 3

Introducing Apache Syncope

slide-4
SLIDE 4
  • Apache Syncope is an Open Source

system for managing digital identities in enterprise environments.

  • T
  • p Level Project @ Apache since

11/2012.

  • Currently 20 committers and 11

PMC members.

  • Latest release: 2.0.1 “Jazz”.

Apache Syncope basics

slide-5
SLIDE 5

Architecture

slide-6
SLIDE 6

Deployment Options

slide-7
SLIDE 7

Persistence

slide-8
SLIDE 8

Connectors

slide-9
SLIDE 9
  • Maven

archetype

  • Standalone
  • .deb fjles
  • UI installer

Installation Options

slide-10
SLIDE 10
  • Apache Syncope features a rich

REST API based on Apache CXF, e.g

– List users (JSON):

/syncope/rest/users

– Get authenticated user:

/syncope/rest/users/self

– List groups (JSON):

/syncope/rest/groups REST API

slide-11
SLIDE 11
  • The REST API supports search via

FIQL, e.g.

– Get the user called “verdi”:

syncope/rest/users? fjql=username==verdi

– See which users were created

since January 01 2016: syncope/rest/users? fjql=creationDate=ge=2016-01- 01 REST API search

slide-12
SLIDE 12
  • A powerful Java client library is also

available. Java Client Library

slide-13
SLIDE 13
  • Apache Syncope leverages Apache

CXF to generate both WADL and SWAGGER documents

  • WADL is accessible via the URI

"/syncope/rest/?_wadl".

  • Swagger documentation is also

available via Swagger UI: “/syncope/swagger/” REST API documentation

slide-14
SLIDE 14
  • Multi-tenancy support via

“Domains”.

  • New Console Layout
  • Support for “Internet of Things”
  • Support for “Realms”.
  • End-user UI.
  • Improved documentation.
  • Apache Camel provisioning engine

New Features in Syncope 2.0.0

slide-15
SLIDE 15

The new Apache Camel Provisioning Engine

slide-16
SLIDE 16
  • What if you want to perform some

action when something changes in Apache Syncope?

  • One option is to poll the REST API of

Apache Syncope.

  • Let’s look at an example using the Java

DSL of Apache Camel to get the “total count” of users in Syncope.

Polling the REST API

slide-17
SLIDE 17

Polling the REST API

slide-18
SLIDE 18
  • However, there are obvious

disadvantages to this approach.

Excessive resource consumption

Impossible to perform an action immediately on a change in Syncope

Impossible to make a provisioning change in Syncope dependent on the action that you are performing.

  • We need a better approach!

Polling the REST API

slide-19
SLIDE 19
  • A new provisioning manager is available

in Apache Syncope 2.0.0 based on Apache Camel.

  • Contributed by Giacomo Lamonaco from

Tirasa.

  • USP of Apache Syncope: We can easily

integrate routing rules to any kind of endpoint with identity management!

Camel Provisioning Manager

slide-20
SLIDE 20
  • Natural fjt: Open-source integration

framework at Apache

  • XML (Spring) DSL available
  • Flexible and easy to use

routing/mediation rules

  • Supports a huge range of messaging

components

  • Easy to create custom Camel

components.

Why Apache Camel?

slide-21
SLIDE 21
  • A set of Camel routes are available by

default which are invoked when the User, Groups and Any Objects in question are changed in some way.

  • This allows the administrator to plug in

custom logic on any of these state changes.

  • The routes can be viewed and edited in

the Admin Console.

Camel Provisioning Manager

slide-22
SLIDE 22

Create User Route

slide-23
SLIDE 23

Camel Provisioning Manager

  • A new "propagate" Camel component is

available in Syncope 2.0.0.

  • Example: <to

uri="propagate:<propagateT ype>? anyT ypeKind=<anyT ypeKind>&options"/ >

  • PropagateT

ype: create, update, delete, provision, deprovision, status, suspend, confjrmPasswordReset.

  • AnyT

ypeKind: USER, GROUP, ANY .

slide-24
SLIDE 24

Examples

slide-25
SLIDE 25

Example 1

  • Use Case: Send an email to an

administrator when a User is created, with some details about the created User in the email.

  • We’ll use mailtrap.io as a test email

server.

  • Extra Jars needed in Syncope:

javax.mail, camel-mail

slide-26
SLIDE 26

New “createUser” route

slide-27
SLIDE 27

Example 2

  • Use Case: Audit when a user changes a

password.

  • Apache Syncope stores users in internal

storage in a table called "SyncopeUser".

  • Previous passwords associated with the

User are stored in another table (note no Timestamp):

slide-28
SLIDE 28

Example 2

  • The administrator wants a stronger

audit trail…

  • We’ll edit the Camel route to store the

password + Timestamp to a fjle associated with that user.

  • For simplicity we won’t salt + hash the

password :-)

  • No additional jars required
slide-29
SLIDE 29

New “updateUser” route

slide-30
SLIDE 30

Example 3

  • Use Case: Gather information about new

users and process it dynamically

  • Example: Age + location of new users.
  • Decouple applications from Syncope by

using a message solution (Apache ActiveMQ).

  • When new users are created, we will

modify the default Camel route to send a message to two queues corresponding to the age and location of the user.

slide-31
SLIDE 31

Example 3

  • We need to copy some jars from Apache

ActiveMQ into Syncope.

  • Also, add the following to the T
  • mcat lib

directory (called "camelRoutesContext.xml"):

slide-32
SLIDE 32

New “createUser” route

slide-33
SLIDE 33

Thank you!

Questions?