In this post, I'll explain how to set up Syncope to synchronize users from that database into Syncope. Of course, you can also use any other database with a matching JDBC driver.
Install Syncope
In this post I'll refer to the Syncope installation which comes with the Talend 6.1.1 installer. If you need to set up Syncope manually, please take a look at some posts from Colm.
Setup DB Connection Module
According to feedback from the Syncope community, it is recommended to use a Scripted SQL connector instead of the database connector which is used in this blog post.
Syncope uses connid to connect to other backend systems like LDAP.
You need to download the DB connid bundle and follow the installation instructions.
- Open webapps/syncope/WEB-INF/classes/connid.properties and define your connid bundle location:
Windows Style: connid.locations=file:/C:/Talend/6.1.1/apache-tomcat/webapps/syncope/WEB-INF/connid/
Linux Style: connid.locations=file:/opt/Talend-6.1.1/apache-tomcat/webapps/syncope/WEB-INF/connid/
- Create the defined folder and copy your downloaded connid bundle (jar) into it
- Download and copy your required JDBC driver to your tomcat/lib folder
- Restart Syncope / Tomcat
- Login to Syncope Console: http://localhost:8080/syncope-console/
Default-Username: admin
Default-Password: password
Setup DB Connector
Next you need to set up a connection to your database before you can define any synchronization pattern.
- Switch to Resources -> Connectors and click Create
- Enter your connection name and select your connid bundle:
- Configure your connection settings:
Since Syncope expects SHA1 hashes to be uppercase, you must set this checkbox; otherwise your users will not be able to authenticate against Syncope with their synchronized password.
In Syncope 1.2 and newer it is also possible to avoid user password synchronization and instead do a "pass-through authentication". This is especially helpful if your passwords are not just hashed but also salted and encrypted.
- Perform a connection test by clicking on the top right world icon of the configuration tab
If you are experiencing connection problems, take a look into the tomcat/logs/core-connid.log file for detailed information.
- Select all checkboxes on the capabilities tab:
- Save your connection
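The uppercase SHA1 note above can be checked before the first synchronization run. The following is an added example, not part of the original post or of Syncope: it classifies values exported from the password column and models the login check as an exact string match against an uppercase SHA1 hex digest (an assumption based on the note above); all names and sample rows are constructed.

```python
import hashlib
import re

SHA1_HEX = re.compile(r"^[0-9a-fA-F]{40}$")


def classify(stored):
    """Classify one value from the password column of the source table."""
    if not SHA1_HEX.match(stored):
        return "not-sha1-hex"  # salted or other scheme: cannot be synced as plain SHA1
    if stored == stored.upper():
        return "sha1-upper"    # already in the form Syncope expects
    if stored == stored.lower():
        return "sha1-lower"    # needs the uppercase checkbox on the connector
    return "sha1-mixed"


def matches_as_stored(password, stored):
    """Assumed model of the login check: exact match against uppercase SHA1 hex."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper() == stored


def audit(rows):
    """Group user names by the class of their stored password value."""
    report = {}
    for user, stored in rows:
        report.setdefault(classify(stored), []).append(user)
    return report


# Constructed sample rows (user name, stored password value); not real data.
LOWER_DIGEST = hashlib.sha1(b"constructed-pw-1").hexdigest()
SAMPLE_ROWS = [
    ("alice", LOWER_DIGEST),
    ("bob", hashlib.sha1(b"constructed-pw-2").hexdigest().upper()),
    ("carol", "{SSHA}constructed-salted-value"),
]

if __name__ == "__main__":
    for kind, users in sorted(audit(SAMPLE_ROWS).items()):
        print(kind, users)
    print("lowercase digest accepted:",
          matches_as_stored("constructed-pw-1", LOWER_DIGEST))
    print("uppercased digest accepted:",
          matches_as_stored("constructed-pw-1", LOWER_DIGEST.upper()))
```

Users reported as not-sha1-hex are the ones for whom pass-through authentication is the option to look at, since their stored value cannot be used as a plain SHA1 hash.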
Define DB Resource
Now you can set up a new resource to define the attribute matching between Syncope's internal DB and the external DB.
- Click on Resources -> Resources -> Create
- Switch to user mapping tab
- Click Save
Add Synchronization Task
To import users from your database you need to set up a synchronization task.
- Click on Task -> Synchronization Tasks -> Create
- Click Save
- Execute your new synchronization task
Create a new User
To test user propagation, you must create a new user and add this user to the H2-users Resource.
- Click Users -> List -> Create
- Select Resource
- Save
I was not able to do a role synchronization with my DB backend, due to missing support in the UI / connid handler.
WRT
> In Syncope 2.x and newer it will also be possible to avoid user password synchronization, but instead to do a "pass-through authentication"
Pass-through authentication is available in Syncope 1.2 as well.
Thanks for the info.
I updated my blog accordingly.
Great!
WRT
> I was not able to do a role synchronization with my DB backend, due to missing support in the UI / connid handler.
The reason why you could not do that is because you are using the DBTable connector, that does not support it at all. You should be using the Scripted SQL connector, instead: https://cwiki.apache.org/confluence/display/SYNCOPE/Configure+a+Scripted+SQL+resource
Hi Francesco,
thank you very much for your feedback!
I added a note at the beginning of my article, to rather use a Scripted SQL resource, instead of the DB Connector.
Thanks, looks good.