From: ilgrosso@apache.org To: commits@syncope.apache.org Date: Tue, 05 Jul 2016 15:33:50 -0000 Message-Id: <0b65ccaee9d64d34b0b70ac4ece53992@git.apache.org> In-Reply-To: <4c1a383cb3c3453996c15376fbe56ade@git.apache.org> References: <4c1a383cb3c3453996c15376fbe56ade@git.apache.org> X-Mailer: ASF-Git Admin Mailer Subject: [3/4] syncope git commit: [SYNCOPE-700] Finalizing getting started, moving on reference guide archived-at: Tue, 05 Jul 2016 15:33:52 -0000 http://git-wip-us.apache.org/repos/asf/syncope/blob/c95b6ff5/src/main/asciidoc/iam/identitystores.adoc ---------------------------------------------------------------------- diff --git a/src/main/asciidoc/iam/identitystores.adoc b/src/main/asciidoc/iam/identitystores.adoc deleted file mode 100644 index 42aa117..0000000 --- a/src/main/asciidoc/iam/identitystores.adoc +++ /dev/null 
@@ -1,35 +0,0 @@ -// -// Licensed to the Apache Software Foundation (ASF) under one -// or more contributor license agreements. See the NOTICE file -// distributed with this work for additional information -// regarding copyright ownership. The ASF licenses this file -// to you under the Apache License, Version 2.0 (the -// "License"); you may not use this file except in compliance -// with the License. You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, -// software distributed under the License is distributed on an -// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY -// KIND, either express or implied. See the License for the -// specific language governing permissions and limitations -// under the License. -// -=== Identity Stores -An identity store is the place where digital identities are stored. Of course there are various store types, the most -famous are: - -* Microsoft Active Directory; -* LDAP -** OpenLDAP; -** FreeIPA; -** ForgeRock OpenDJ; -** 389 Directory Server; -* DBMS -** MySQL -** PostgreSQL -** Oracle - -From Apache Syncope point of view, an identity store is viewed as an integrated resource with a communication based -on the identity connectors. http://git-wip-us.apache.org/repos/asf/syncope/blob/c95b6ff5/src/main/asciidoc/iam/provisioningengines.adoc ---------------------------------------------------------------------- diff --git a/src/main/asciidoc/iam/provisioningengines.adoc b/src/main/asciidoc/iam/provisioningengines.adoc deleted file mode 100644 index 8496b13..0000000 --- a/src/main/asciidoc/iam/provisioningengines.adoc +++ /dev/null 
@@ -1,32 +0,0 @@ -// -// Licensed to the Apache Software Foundation (ASF) under one -// or more contributor license agreements. See the NOTICE file -// distributed with this work for additional information -// regarding copyright ownership. The ASF licenses this file -// to you under the Apache License, Version 2.0 (the -// "License"); you may not use this file except in compliance -// with the License. You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, -// software distributed under the License is distributed on an -// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY -// KIND, either express or implied. See the License for the -// specific language governing permissions and limitations -// under the License. -// -=== Provisioning Engines -A provisioning engine is a software able to execute some operation on the profile of a digital identity. -Precisely this operation could be run to manage a user lifecycle, the _CRUD_ operation to persist the user on an -identity store: - -* Create -* Read -* Update -* Delete - -or could be the operations able to modify the user profile in order to activate or deactivate its digital identity, or -could be the operations to add or remove a role from an user profile to achieve the RBAC (Role-based access control) -in an environment and so on. Definitely a provisioning engine manages the digital identity user profile in a centralized -way. http://git-wip-us.apache.org/repos/asf/syncope/blob/c95b6ff5/src/main/asciidoc/iam/thecompletepicture.adoc ---------------------------------------------------------------------- diff --git a/src/main/asciidoc/iam/thecompletepicture.adoc b/src/main/asciidoc/iam/thecompletepicture.adoc deleted file mode 100644 index 5264ebf..0000000 --- a/src/main/asciidoc/iam/thecompletepicture.adoc +++ /dev/null 
@@ -1,19 +0,0 @@ -// -// Licensed to the Apache Software Foundation (ASF) under one -// or more contributor license agreements. See the NOTICE file -// distributed with this work for additional information -// regarding copyright ownership. The ASF licenses this file -// to you under the Apache License, Version 2.0 (the -// "License"); you may not use this file except in compliance -// with the License. You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, -// software distributed under the License is distributed on an -// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY -// KIND, either express or implied. See the License for the -// specific language governing permissions and limitations -// under the License. -// -=== The Complete Picture \ No newline at end of file http://git-wip-us.apache.org/repos/asf/syncope/blob/c95b6ff5/src/main/asciidoc/introduction.adoc ---------------------------------------------------------------------- diff --git a/src/main/asciidoc/introduction.adoc b/src/main/asciidoc/introduction.adoc deleted file mode 100644 index 19eb534..0000000 --- a/src/main/asciidoc/introduction.adoc +++ /dev/null 
@@ -1,146 +0,0 @@ -// -// Licensed to the Apache Software Foundation (ASF) under one -// or more contributor license agreements. See the NOTICE file -// distributed with this work for additional information -// regarding copyright ownership. The ASF licenses this file -// to you under the Apache License, Version 2.0 (the -// "License"); you may not use this file except in compliance -// with the License. You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, -// software distributed under the License is distributed on an -// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY -// KIND, either express or implied. See the License for the -// specific language governing permissions and limitations -// under the License. -// - -== Introduction - -*Apache Syncope* is an Open Source system for managing digital identities in enterprise environments, implemented in -Java EE technology and released under the Apache 2.0 license. - -*Identity Management* (or IdM) means to manage user data on systems and applications, using the combination of -business processes and IT. IdM involves considering user attributes, roles, resources and entitlements in trying to answer the -following thorny question: - -[.text-center] -_Who has access to What, When, How, and Why?_ - -=== What is Identity Management, anyway? - -**** -Account:: Computers work with records of data about people. Such records contain technical information needed by the system for -which the account is created and managed. -(Digital) Identity:: A representation of a set of claims made by one digital subject about itself. *It's you!* -**** - -Have you ever been hired by a company, entered an organization or just created a new Google account? -Companies, organizations and cloud entities work with applications that need your data to function properly: -username, password, e-mail, first name, surname, and more. 
- -Where is this information going to come from? And what happens when you need to be enabled for more applications? And what if -you get promoted and acquire more rights on the applications you already had access to? -Most important, what happens when you quit or they gently let you go? - -In brief, Identity Management takes care of managing identity data throughout what is called the *Identity Lifecycle*. - -[.text-center] -image::identityLifecycle.png[title="Identity Lifecycle",alt="Identity Lifecycle",width="505",height="324"] - -.Users, groups and any objects -**** -With Apache Syncope 2.0.0, the managed identities are not limited anymore to users and groups. New object types can be -defined so that any objects data can be managed through Syncope: workstations, printers, folders, sensors, services, -and so on. This positions Apache Syncope at the forefront for bringing Identity Management in the IoT world. -**** - -=== Identity and Access Management - Reference Scenario - -[.text-center] -image::iam-scenario.png[title="IAM Scenario",alt="IAM Scenario"] - -The picture above shows the tecnologies involved in a complete IAM solution: - -* *_Identity Store_* (as RDBMS, LDAP, Active Directory, meta- and virtual-directories) - the repository for account data -* *_Provisioning Engine_* - synchronizes account data across identity stores and a broad range of data formats, models, -meanings and purposes -* *_Access Manager_* - access mediator to all applications, focused on application front-end, taking care of -authentication (https://en.wikipedia.org/wiki/Single_sign-on[Single Sign-On^]), authorization -(http://oauth.net/[OAuth^], https://en.wikipedia.org/wiki/XACML[XACML^]) and federation -(https://en.wikipedia.org/wiki/Security_Assertion_Markup_Language[SAML^], http://openid.net/connect/[OpenID Connect^]). - -[NOTE] -==== -As you can notice, *Apache Syncope is primarily a provisioning engine*. -==== - -==== Aren't Identity Stores enough? 
- -One might suppose that a single identity store can solve all the identity needs inside an organization, but few -drawbacks are just around the corner: - -. Heterogeneity of systems -. Lack of a single source of information (HR for corporate id, Groupware for mail address, ...) -. Often applications require a local user database -. Inconsistent policies across the infrastructure -. Lack of workflow management -. Hidden infrastructure management cost, growing with organization - -=== A bird's eye view on the Architecture of Apache Syncope - -[.text-center] -image::architecture.png[title="Architecture",alt="Architecture"] - -*_Admin UI_* is the web-based console for configuring and administering running deployments, with full support -for delegated administration. - -*_End-user UI_* is the web-based application for self-registration, self-service and password reset. - -*_CLI_* is the command-line application for interacting with Apache Syncope from scripts, particularly useful for -system administrators. - -*_Core_* is the central component, providing all services offered by Apache Syncope. + -It exposes a fully-compliant https://en.wikipedia.org/wiki/Java_API_for_RESTful_Web_Services[JAX-RS 2.0^] -https://en.wikipedia.org/wiki/Representational_state_transfer[RESTful^] interface which enables third-party applications, -written in any programming language, to consume IdM services. - - * *_Logic_* implements the overall business logic that can be triggered via REST services, and controls some additional -features (notifications, reports and audit over all) - * *_Provisioning_* is involved with managing the internal (via workflow) and external (via specific connectors) -representation of users, groups and any objects. + -This component often needs to be tailored to meet the requirements of a specific deployment, as it is the crucial decision -point for defining and enforcing the consistency and transformations between internal and external data. 
The default -all-Java implementation can be extended for this purpose. In addition, an http://camel.apache.org/[Apache Camel^]-based -implementation is also available as an extension, which brings all the power of runtime changes and adaptation. - * *_Workflow_* is one of the pluggable aspects of Apache Syncope: this lets every deployment choose the preferred engine -from a provided list - including the one based on http://www.activiti.org/[Activiti BPM^], the reference open source -http://www.bpmn.org/[BPMN 2.0^] implementation - or define new, custom ones. - * *_Persistence_* manages all data (users, groups, attributes, resources, ...) at a high level -using a standard https://en.wikipedia.org/wiki/Java_Persistence_API[JPA 2.0^] approach. The data is persisted to an underlying -database, referred to as *_Internal Storage_*. Consistency is ensured via the comprehensive -http://docs.spring.io/spring/docs/4.2.x/spring-framework-reference/html/transaction.html[transaction management^] -provided by the Spring Framework. + -Globally, this offers the ability to easily scale up to a million entities and at the same time allows great portability with no code -changes: MySQL, MariaDB, PostgreSQL, Oracle and MS SQL Server are fully supported deployment options. - * *_Security_* defines a fine-grained set of entitlements which can be granted to administrators, thus enabling the -implementation of delegated administration scenarios. - -Third-party applications are provided full access to IdM services by leveraging the REST interface, either via the -Java _SyncopeClient_ library (the basis of Admin UI, End-user UI and CLI) or plain HTTP calls. - -.ConnId -**** -The *_Provisioning_* layer relies on http://connid.tirasa.net[ConnId^]; ConnId is designed to separate the -implementation of an application from the dependencies of the system that the application is attempting to connect to. 
- -ConnId is the continuation of The Identity Connectors Framework (Sun ICF), a project that used to be part of market -leader Sun IdM and has since been released by Sun Microsystems as an Open Source project. This makes the connectors layer -particularly reliable because most connectors have already been implemented in the framework and widely tested. - -The new ConnId project, featuring contributors from several companies, provides all that is required nowadays for a -modern Open Source project, including an Apache Maven driven build, artifacts and mailing lists. Additional connectors – -such as for SOAP, CSV, PowerShell and Active Directory – are also provided. -**** http://git-wip-us.apache.org/repos/asf/syncope/blob/c95b6ff5/src/main/asciidoc/introduction/digitalidentity.adoc ---------------------------------------------------------------------- diff --git a/src/main/asciidoc/introduction/digitalidentity.adoc b/src/main/asciidoc/introduction/digitalidentity.adoc deleted file mode 100644 index 9f736ee..0000000 --- a/src/main/asciidoc/introduction/digitalidentity.adoc +++ /dev/null 
@@ -1,43 +0,0 @@ -// -// Licensed to the Apache Software Foundation (ASF) under one -// or more contributor license agreements. See the NOTICE file -// distributed with this work for additional information -// regarding copyright ownership. The ASF licenses this file -// to you under the Apache License, Version 2.0 (the -// "License"); you may not use this file except in compliance -// with the License. You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, -// software distributed under the License is distributed on an -// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY -// KIND, either express or implied. See the License for the -// specific language governing permissions and limitations -// under the License. -// -=== Digital identity -To briefly introduce what the digital identity means, we report what the https://en.wikipedia.org/wiki/Digital_identity[Wikipedia] -says about it - -**** -A digital identity is information used by computer systems to represent an external agent. That agent may be a person, -organisation, or device. The information in digital identities is used by computers to make decisions about how to -interact with external agents. It allows a computer to answer two basic questions: - -With which external agent is it interacting? -Has it interacted with an external agent in the past? -The information contained in a digital identity allows these questions to be answered without the involvement of human -operators. Digital identities allow our access to computers and the services they provide to be automated, and make it -possible for computers to mediate relationships. - -The term "digital identity" has also come to denote aspects of civil and personal identity that have resulted from the -widespread use of identity information to represent people in computer systems. 
- -Digital identity is now often used in ways that require data about persons stored in computer systems to be linked to -their civil, or national, identities. Furthermore, the use of digital identities is now so widespread that many -discussions refer to "digital identity" as the entire collection of information generated by a person’s online activity. -Especially where that information is publicly available, and can be used by others to discover that person's civil identity. -In this wider sense, a digital identity is a version, or facet, of a person's social, identity. This may also referred -to as an online identity. -**** http://git-wip-us.apache.org/repos/asf/syncope/blob/c95b6ff5/src/main/asciidoc/introduction/history.adoc ---------------------------------------------------------------------- diff --git a/src/main/asciidoc/introduction/history.adoc b/src/main/asciidoc/introduction/history.adoc deleted file mode 100644 index 9602ef2..0000000 --- a/src/main/asciidoc/introduction/history.adoc +++ /dev/null 
@@ -1,31 +0,0 @@ -// -// Licensed to the Apache Software Foundation (ASF) under one -// or more contributor license agreements. See the NOTICE file -// distributed with this work for additional information -// regarding copyright ownership. The ASF licenses this file -// to you under the Apache License, Version 2.0 (the -// "License"); you may not use this file except in compliance -// with the License. You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, -// software distributed under the License is distributed on an -// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY -// KIND, either express or implied. See the License for the -// specific language governing permissions and limitations -// under the License. -// -=== A bit of history -Syncope, officially, borns at the end of April 2010 with the first https://code.google.com/p/syncope/source/detail?r=1[commit] -on the GoogleCode repository. -Syncope development started from a group of IdM experts and Open Source enthusiasts; it starts to be an Open Source project, -so after two years the developers tried to donate the code to the Apache Software Foundation and, precisely in February -2012, Syncope became an ASF project; of course starting its journey from the incubator state. - -Now, after three years as ASF project, the community counts 16 developers (from different countries) and hundreds of ML -members. - -From the project's point of view, there isn't a website to find a complete list of project reference, but reading -the user mailing list and this one[http://syncope.tirasa.net/success-stories.html], you can say that several companies -have chosen Syncope as their own identity manager system. http://git-wip-us.apache.org/repos/asf/syncope/blob/c95b6ff5/src/main/asciidoc/introduction/introduction.adoc ---------------------------------------------------------------------- 
diff --git a/src/main/asciidoc/introduction/introduction.adoc b/src/main/asciidoc/introduction/introduction.adoc deleted file mode 100644 index 15a8f9b..0000000 --- a/src/main/asciidoc/introduction/introduction.adoc +++ /dev/null @@ -1,26 +0,0 @@ -// -// Licensed to the Apache Software Foundation (ASF) under one -// or more contributor license agreements. See the NOTICE file -// distributed with this work for additional information -// regarding copyright ownership. The ASF licenses this file -// to you under the Apache License, Version 2.0 (the -// "License"); you may not use this file except in compliance -// with the License. You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, -// software distributed under the License is distributed on an -// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY -// KIND, either express or implied. See the License for the -// specific language governing permissions and limitations -// under the License. -// - -== Introduction -*Apache Syncope* is an Open Source system for managing digital identities in enterprise environments, implemented in -Java EE technology and released under the Apache 2.0 license. - -include::digitalidentity.adoc[] - -include::history.adoc[] http://git-wip-us.apache.org/repos/asf/syncope/blob/c95b6ff5/src/main/asciidoc/obtain.adoc ---------------------------------------------------------------------- diff --git a/src/main/asciidoc/obtain.adoc b/src/main/asciidoc/obtain.adoc deleted file mode 100644 index 7817334..0000000 --- a/src/main/asciidoc/obtain.adoc +++ /dev/null 
@@ -1,192 +0,0 @@ -// -// Licensed to the Apache Software Foundation (ASF) under one -// or more contributor license agreements. See the NOTICE file -// distributed with this work for additional information -// regarding copyright ownership. The ASF licenses this file -// to you under the Apache License, Version 2.0 (the -// "License"); you may not use this file except in compliance -// with the License. You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, -// software distributed under the License is distributed on an -// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY -// KIND, either express or implied. See the License for the -// specific language governing permissions and limitations -// under the License. -// - -== Obtain Apache Syncope - -There are several ways to obtain Apache Syncope: each of which has advantages or caveats for different types of users. - -=== Standalone - -The standalone distribution is the simplest way to start exploring Apache Syncope: it contains a fully working, in-memory -Tomcat-based environment that can be easily grabbed and put at work on any modern laptop, workstation or server. - -[CAUTION] -.Target Audience -First approach, especially with administration console and end-user; does not require technical skills. + -*Not meant for any production environment.* - -Getting ready in a few easy steps: - -. http://syncope.apache.org/downloads.html[download^] the standalone distribution -. unzip the distribution archive -. go into the created Apache Tomcat directory -. start Apache Tomcat -* GNU / Linux, Mac OS X -+ -[source,bash] ----- -$ chmod 755 ./bin/*.sh -$ ./bin/startup.sh ----- -+ -* Windows -+ -[source,cmd] ----- -> bin/startup.bat ----- - -[TIP] -Please refer to the http://tomcat.apache.org/tomcat-8.0-doc/[Apache Tomcat documentation^] for more advanced setup and -instructions. 
- -==== Components - -The set of available components, including access URLs and credentials, is the same as reported for -<>, with the exception of log files, available here under `$CATALINA_HOME/logs`. - -[TIP] -.Internal Storage -==== -By default, the standalone distribution is configured to use an in-memory database instance. -This means that every time Tomcat is shut down all changes that have been made are lost. - -If you want instead to make your changes persistent, replace - -[source,java] -jpa.url=jdbc:h2:mem:syncopedb;DB_CLOSE_DELAY=-1 - -with - -[source,java] -jpa.url=jdbc:h2:~/syncopedb;DB_CLOSE_DELAY=-1 - -in `webapps/syncope/WEB-INF/classes/domains/Master.properties` (for `Master` domain) or -`webapps/syncope/WEB-INF/classes/domains/Two.properties` (for `Two` domain) from the Apache Tomcat directory. -This will create H2 database files in the home directory of the user running Apache Syncope. - -Please refer to the http://www.h2database.com/[H2 documentation^] for more options. -==== - -include::commondocs/debpackages.adoc[] - -include::commondocs/guiinstaller.adoc[] - -==== Components - -CAUTION: The following assumes that the Java EE container is reachable on host `host.domain` and port `port`. - -[cols="1,2"] -|=== - -| Complete REST API reference -| http://host.domain:port/syncope/index.html - -| http://swagger.io/[Swagger^] UI -| http://host.domain:port/syncope/swagger/ - -| Administration console -| http://localhost:9080/syncope-console/ + -Credentials: `admin` / `password` - -| End-user UI -| http://localhost:9080/syncope-enduser/ - -|=== - -include::commondocs/maven.adoc[] - -==== Embedded Mode - -Every Apache Syncope project has the ability to run a full-blown in-memory environment, particularly useful either when -evaluating the product and during the development phase of an IdM solution. - -[WARNING] -==== -Don't forget that this environment is completely in-memory: this means that every time Maven is stopped, all changes -made are lost. 
-==== - -From the top-level directory of your project, execute: - -[source,bash] -mvn -P all clean install - -then, from the `enduser` subdirectory, execute: - -[source,bash] -mvn -P embedded - -===== Paths and Components - -[cols="1,2"] -|=== - -| Log files -| Available under `core/target/log`, `console/target/log` and `enduser/target/log` - -| ConnId bundles -| Available under `core/target/bundles` - -| Complete REST API reference -| http://localhost:9080/syncope/index.html - -| http://swagger.io/[Swagger^] UI -| http://localhost:9080/syncope/swagger/ - -| Administration console -| http://localhost:9080/syncope-console/ + -Credentials: `admin` / `password` - -| End-user UI -| http://localhost:9080/syncope-enduser/ - -| Internal storage -| A SQL web interface is available at http://localhost:9080/syncope/db.jsp + - + - Choose configuration 'Generic H2 (Embedded)' + - Insert `jdbc:h2:mem:syncopedb` as JDBC URL + - Click 'Connect' button - -| External resource: LDAP -| An http://directory.apache.org/apacheds/[Apache DS^] instance is available. + -You can configure any LDAP client (as http://jxplorer.org/[JXplorer^], for example) with the following information: + - + - host: `localhost` + - port: `1389` + - base DN: `o=isp` + - bind DN: `uid=admin,ou=system` + - bind password: `secret` - -| External resource: SOAP -| An example SOAP server is available at http://localhost:9080/wssample/services + - + - You can check its internal data by visiting http://localhost:9080/wssample/exploredb.jsp - -| External resource: database -| http://www.h2database.com/[H2^] TCP database is available. 
+ - + - A SQL web interface is available at http://localhost:9082/ + - + - Choose configuration 'Generic H2 (Server)' + - Insert `jdbc:h2:tcp://localhost:9092/mem:testdb` as JDBC URL + - Set 'sa' as password + - Click 'Connect' button - -|=== http://git-wip-us.apache.org/repos/asf/syncope/blob/c95b6ff5/src/main/asciidoc/reference-guide.adoc ---------------------------------------------------------------------- diff --git a/src/main/asciidoc/reference-guide.adoc b/src/main/asciidoc/reference-guide.adoc deleted file mode 100644 index 70689d4..0000000 --- a/src/main/asciidoc/reference-guide.adoc +++ /dev/null 
@@ -1,73 +0,0 @@ -// -// Licensed to the Apache Software Foundation (ASF) under one -// or more contributor license agreements. See the NOTICE file -// distributed with this work for additional information -// regarding copyright ownership. The ASF licenses this file -// to you under the Apache License, Version 2.0 (the -// "License"); you may not use this file except in compliance -// with the License. You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, -// software distributed under the License is distributed on an -// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY -// KIND, either express or implied. See the License for the -// specific language governing permissions and limitations -// under the License. -// - -// Quick reference: http://asciidoctor.org/docs/asciidoc-syntax-quick-reference/ -// User manual: http://asciidoctor.org/docs/user-manual/ -// Tricks: https://leanpub.com/awesomeasciidoctornotebook/read - -:homepage: http://syncope.apache.org -:description: Comprehensive guide about Apache Syncope -:keywords: Apache Syncope, IdM, provisioning, identity management, reference, guide - -:docinfo1: -:last-update-label!: -:sectanchors: -:sectnums: -:sectlinks: - -= Apache Syncope - Reference Guide -:revnumber: {docVersion} -:toc: right -:toclevels: 4 - -image::http://syncope.apache.org/images/apache-syncope-logo-small.jpg[Apache Syncope logo] - -[NOTE] -.This document is under active development and discussion! -If you find errors or omissions in this document, please don’t hesitate to -http://syncope.apache.org/issue-tracking.html[submit an issue] or -https://github.com/apache/syncope/pulls[open a pull request] with -a fix. We also encourage you to ask questions and discuss any aspects of the project on the -http://syncope.apache.org/mailing-lists.html[mailing lists or IRC]. -New contributors are always welcome! 
- -[discrete] -== Preface -This reference guide covers Apache Syncope services for identity management, -provisioning, and compliance. - -include::introduction/introduction.adoc[] - -// miss one paraghraph -include::iam/iam.adoc[] - -// TO DO -include::architecture/architecture.adoc[] - -// TO DO -include::concepts/concepts.adoc[] - -// TO DO (CLI and restful: done) -include::workingwithapachesyncope/workingwithapachesyncope.adoc[] - -// TO DO -include::extensions/extensions.adoc[] - -// TO DO -include::usecases/usecases.adoc[] http://git-wip-us.apache.org/repos/asf/syncope/blob/c95b6ff5/src/main/asciidoc/reference-guide/architecture/architecture.adoc ---------------------------------------------------------------------- diff --git a/src/main/asciidoc/reference-guide/architecture/architecture.adoc b/src/main/asciidoc/reference-guide/architecture/architecture.adoc new file mode 100644 index 0000000..924c42b --- /dev/null +++ b/src/main/asciidoc/reference-guide/architecture/architecture.adoc 
@@ -0,0 +1,24 @@ +// +// Licensed to the Apache Software Foundation (ASF) under one +// or more contributor license agreements. See the NOTICE file +// distributed with this work for additional information +// regarding copyright ownership. The ASF licenses this file +// to you under the Apache License, Version 2.0 (the +// "License"); you may not use this file except in compliance +// with the License. You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, +// software distributed under the License is distributed on an +// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +// KIND, either express or implied. See the License for the +// specific language governing permissions and limitations +// under the License. +// + +== Architecture + +include::designprinciples.adoc[] + +include::implementationguidelines.adoc[] \ No newline at end of file http://git-wip-us.apache.org/repos/asf/syncope/blob/c95b6ff5/src/main/asciidoc/reference-guide/architecture/designprinciples.adoc ---------------------------------------------------------------------- diff --git a/src/main/asciidoc/reference-guide/architecture/designprinciples.adoc b/src/main/asciidoc/reference-guide/architecture/designprinciples.adoc new file mode 100644 index 0000000..017107e --- /dev/null +++ b/src/main/asciidoc/reference-guide/architecture/designprinciples.adoc 
@@ -0,0 +1,19 @@ +// +// Licensed to the Apache Software Foundation (ASF) under one +// or more contributor license agreements. See the NOTICE file +// distributed with this work for additional information +// regarding copyright ownership. The ASF licenses this file +// to you under the Apache License, Version 2.0 (the +// "License"); you may not use this file except in compliance +// with the License. You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, +// software distributed under the License is distributed on an +// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +// KIND, either express or implied. See the License for the +// specific language governing permissions and limitations +// under the License. +// +=== Design Principles \ No newline at end of file http://git-wip-us.apache.org/repos/asf/syncope/blob/c95b6ff5/src/main/asciidoc/reference-guide/architecture/implementationguidelines.adoc ---------------------------------------------------------------------- diff --git a/src/main/asciidoc/reference-guide/architecture/implementationguidelines.adoc b/src/main/asciidoc/reference-guide/architecture/implementationguidelines.adoc new file mode 100644 index 0000000..04af80f --- /dev/null +++ b/src/main/asciidoc/reference-guide/architecture/implementationguidelines.adoc 
@@ -0,0 +1,19 @@ +// +// Licensed to the Apache Software Foundation (ASF) under one +// or more contributor license agreements. See the NOTICE file +// distributed with this work for additional information +// regarding copyright ownership. The ASF licenses this file +// to you under the Apache License, Version 2.0 (the +// "License"); you may not use this file except in compliance +// with the License. You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, +// software distributed under the License is distributed on an +// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +// KIND, either express or implied. See the License for the +// specific language governing permissions and limitations +// under the License. +// +=== Implementation Guidelines \ No newline at end of file http://git-wip-us.apache.org/repos/asf/syncope/blob/c95b6ff5/src/main/asciidoc/reference-guide/concepts/concepts.adoc ---------------------------------------------------------------------- diff --git a/src/main/asciidoc/reference-guide/concepts/concepts.adoc b/src/main/asciidoc/reference-guide/concepts/concepts.adoc new file mode 100644 index 0000000..2e63820 --- /dev/null +++ b/src/main/asciidoc/reference-guide/concepts/concepts.adoc 
@@ -0,0 +1,55 @@ +// +// Licensed to the Apache Software Foundation (ASF) under one +// or more contributor license agreements. See the NOTICE file +// distributed with this work for additional information +// regarding copyright ownership. The ASF licenses this file +// to you under the Apache License, Version 2.0 (the +// "License"); you may not use this file except in compliance +// with the License. You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, +// software distributed under the License is distributed on an +// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +// KIND, either express or implied. See the License for the +// specific language governing permissions and limitations +// under the License. +// +== Concepts + +=== Data model + +==== Schema + +==== Attributes + +==== Users, Groups and Any objects + +==== Realms + +==== Domains + +=== Tasks + +include::provisioning/provisioning.adoc[] + +=== Policies + +==== Account + +==== Password + +==== Push + +==== Pull + +=== Workflow and Approval + +=== Notifications + +=== Reports + +=== Audit + +=== Delegated Administration http://git-wip-us.apache.org/repos/asf/syncope/blob/c95b6ff5/src/main/asciidoc/reference-guide/concepts/provisioning/connectors.adoc ---------------------------------------------------------------------- diff --git a/src/main/asciidoc/reference-guide/concepts/provisioning/connectors.adoc b/src/main/asciidoc/reference-guide/concepts/provisioning/connectors.adoc new file mode 100644 index 0000000..835d95a --- /dev/null +++ b/src/main/asciidoc/reference-guide/concepts/provisioning/connectors.adoc 
@@ -0,0 +1,32 @@ +// +// Licensed to the Apache Software Foundation (ASF) under one +// or more contributor license agreements. See the NOTICE file +// distributed with this work for additional information +// regarding copyright ownership. The ASF licenses this file +// to you under the Apache License, Version 2.0 (the +// "License"); you may not use this file except in compliance +// with the License. You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, +// software distributed under the License is distributed on an +// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +// KIND, either express or implied. See the License for the +// specific language governing permissions and limitations +// under the License. +// +==== Connectors +Syncope uses entities like connectors bundles, connector instances and external resources to synchronize user accounts +with and propagate to external systems. This paragraph clarifies what the responsibility and scope of each of these entities are. + +===== Connector bundle +Connector bundles are the components that are able to connect to classes of systems when configured correctly and +told to do so. They are not bound to Syncope specifically, as they are part of the separate framework +http://connid.tirasa.net/[ConnId], but they can be plugged into a deployed Syncope system. + +===== Connector instance +Connectors instances are instance of connector bundles, obtained by assigning values to configuration properties +defined in bundles. +For instance, there is only a single "DatabaseTable connector" (the bundle) that can be instantiated many times, for +example if there is need to connect to two different databases. 
\ No newline at end of file http://git-wip-us.apache.org/repos/asf/syncope/blob/c95b6ff5/src/main/asciidoc/reference-guide/concepts/provisioning/propagation.adoc ---------------------------------------------------------------------- diff --git a/src/main/asciidoc/reference-guide/concepts/provisioning/propagation.adoc b/src/main/asciidoc/reference-guide/concepts/provisioning/propagation.adoc new file mode 100644 index 0000000..d58ba53 --- /dev/null +++ b/src/main/asciidoc/reference-guide/concepts/provisioning/propagation.adoc 
@@ -0,0 +1,34 @@ +// +// Licensed to the Apache Software Foundation (ASF) under one +// or more contributor license agreements. See the NOTICE file +// distributed with this work for additional information +// regarding copyright ownership. The ASF licenses this file +// to you under the Apache License, Version 2.0 (the +// "License"); you may not use this file except in compliance +// with the License. You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, +// software distributed under the License is distributed on an +// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +// KIND, either express or implied. See the License for the +// specific language governing permissions and limitations +// under the License. +// +==== Propagation +The propagation is the mechanism to extend provisioning operations on external resources. +The propagation layer implements remote creation, maintenance, activation and deactivation of user and role objects +and their attributes. +A propagation towards a specific external resource occurs if and only if the external resource's connector +instance capabilities permit. +Propagation will be tried on an external resource for each provisioning operation involving users or roles assigned +to that resource. + +===== Configuration +Connectors:: +Connector instances can be configured to create, update and delete operations. +Propagation tasks:: +When propagation tasks are created, their propagation mode will be set according to the mode of the external resource. +Operation:: +When tasks are executed, the execution status will be set to SUCCESS or FAILURE, based on the actual propagation result. \ No newline at end of file http://git-wip-us.apache.org/repos/asf/syncope/blob/c95b6ff5/src/main/asciidoc/reference-guide/concepts/provisioning/provisioning.adoc ---------------------------------------------------------------------- 
diff --git a/src/main/asciidoc/reference-guide/concepts/provisioning/provisioning.adoc b/src/main/asciidoc/reference-guide/concepts/provisioning/provisioning.adoc new file mode 100644 index 0000000..4a9c957 --- /dev/null +++ b/src/main/asciidoc/reference-guide/concepts/provisioning/provisioning.adoc 
@@ -0,0 +1,37 @@ +// +// Licensed to the Apache Software Foundation (ASF) under one +// or more contributor license agreements. See the NOTICE file +// distributed with this work for additional information +// regarding copyright ownership. The ASF licenses this file +// to you under the Apache License, Version 2.0 (the +// "License"); you may not use this file except in compliance +// with the License. You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, +// software distributed under the License is distributed on an +// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +// KIND, either express or implied. See the License for the +// specific language governing permissions and limitations +// under the License. +// +=== Provisioning +The main purpose of identity management systems is to manage user and role provisioning. +User and role provisioning refers to the creation, maintenance, activation and deactivation of user and role objects +and their attributes. Provisioning operations can act on Apache Syncope only or be propagated towards external +resources as well. +The provisioning operation can be initiated by an authorized user (for instance, working on Apache Syncope +administration console) or by an internal task like a pull task. +A push task can be used to perform a bulk provisioning operation involving either Syncope and one +or more external resources. + +include::connectors.adoc[] + +include::resources.adoc[] + +include::propagation.adoc[] + +include::push.adoc[] + +include::pull.adoc[] http://git-wip-us.apache.org/repos/asf/syncope/blob/c95b6ff5/src/main/asciidoc/reference-guide/concepts/provisioning/pull.adoc ---------------------------------------------------------------------- 
diff --git a/src/main/asciidoc/reference-guide/concepts/provisioning/pull.adoc b/src/main/asciidoc/reference-guide/concepts/provisioning/pull.adoc new file mode 100644 index 0000000..bf2157a --- /dev/null +++ b/src/main/asciidoc/reference-guide/concepts/provisioning/pull.adoc 
@@ -0,0 +1,52 @@ +// +// Licensed to the Apache Software Foundation (ASF) under one +// or more contributor license agreements. See the NOTICE file +// distributed with this work for additional information +// regarding copyright ownership. The ASF licenses this file +// to you under the Apache License, Version 2.0 (the +// "License"); you may not use this file except in compliance +// with the License. You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, +// software distributed under the License is distributed on an +// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +// KIND, either express or implied. See the License for the +// specific language governing permissions and limitations +// under the License. +// +==== Pull +Basically, pull is the mechanism used by Apache Syncope to acquire user, group and any objects data from external resources. +Pull can be "full" (full reconciliation) or "incremental". +In the former case, each pull task execution will take over just of changes from the previous execution +(if exists and connector permits incremental pull). +In the latter case, each pull task execution will take over of the entire set of data managed by the external resource. + +===== From an external resource to Syncope +All the entity (user/group) data involved by a pull are retrieved from an external resource and processed +internally by Syncope itself. +A retrieved entity can be: + +. a matching entity, if a corresponding local/internal entity has been found; +. or an unmatching entity, otherwise. + +By default, Syncope will create locally all the unmatching entities (without linking entities and resources) and will +update all the matching ones. +By the way, a different behaviour can be configured working with matching/unmatching rules. 
+ +===== Matching and Unmatching rules +Unmatching (corresponding user not found on Syncope): + +* IGNORE / UNLINK (do not perform any action); +* ASSIGN (create entity linking the resource); +* PROVISION (create entity without linking the resource). + +Matching (corresponding users found on Syncope): + +* IGNORE (do not perform any action); +* UPDATE (update matching entity); +* DEPROVISION (delete resource entity); +* UNASSIGN (unlink resource and delete resource entity) ; +* UNLINK (just unlink resource without performing any (de-)provisioning operation); +* LINK (just link resource without performing any (de-)provisioning operation). \ No newline at end of file http://git-wip-us.apache.org/repos/asf/syncope/blob/c95b6ff5/src/main/asciidoc/reference-guide/concepts/provisioning/push.adoc ---------------------------------------------------------------------- diff --git a/src/main/asciidoc/reference-guide/concepts/provisioning/push.adoc b/src/main/asciidoc/reference-guide/concepts/provisioning/push.adoc new file mode 100644 index 0000000..06ea053 --- /dev/null +++ b/src/main/asciidoc/reference-guide/concepts/provisioning/push.adoc 
@@ -0,0 +1,51 @@ +// +// Licensed to the Apache Software Foundation (ASF) under one +// or more contributor license agreements. See the NOTICE file +// distributed with this work for additional information +// regarding copyright ownership. The ASF licenses this file +// to you under the Apache License, Version 2.0 (the +// "License"); you may not use this file except in compliance +// with the License. You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, +// software distributed under the License is distributed on an +// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +// KIND, either express or implied. See the License for the +// specific language governing permissions and limitations +// under the License. +// +==== Push +Basically, the push is a sort of synchronization mechanism used by Apache Syncope to propagate a filtered set of +user/role/membership data to external resources. +Push can be "full" only: all the data matching the configured filter (potentially the same set of data) will be sent +to the external resource at each push task execution. + +===== From Syncope to an external resource +All the entity (user/group) data involved by a push are retrieved locally and compared with remote ones before sending out. +An entity to be sent out can be: + +. a matching entity, if a corresponding remote entity has been found; +. or an unmatching entity, otherwise. + +By default, Syncope will propagate all the unmatching entities for provisioning (without linking entities and resources) +and will update all the matching ones. +By the way, a different behaviour can be configured working with matching/unmatching rules. 
+ +===== Matching and Unmatching rules +Unmatching (corresponding user not found on external resource): + +* IGNORE (do not perform any action); +* UNLINK (just unlink resource without performing any (de-)provisioning operation - of course, if any link is found); +* ASSIGN (provision entity linking the resource); +* PROVISION (provision entity without linking the resource). + +Matching (corresponding users found on external resource): + +* IGNORE (do not perform any action); +* UPDATE (update matching entity); +* DEPROVISION (delete resource entity); +* UNASSIGN (unlink resource and delete resource entity) ; +* UNLINK (just unlink resource without performing any (de-)provisioning operation); +* LINK (just link resource without performing any (de-)provisioning operation). \ No newline at end of file http://git-wip-us.apache.org/repos/asf/syncope/blob/c95b6ff5/src/main/asciidoc/reference-guide/concepts/provisioning/resources.adoc ---------------------------------------------------------------------- diff --git a/src/main/asciidoc/reference-guide/concepts/provisioning/resources.adoc b/src/main/asciidoc/reference-guide/concepts/provisioning/resources.adoc new file mode 100644 index 0000000..03c78af --- /dev/null +++ b/src/main/asciidoc/reference-guide/concepts/provisioning/resources.adoc 
@@ -0,0 +1,51 @@ +// +// Licensed to the Apache Software Foundation (ASF) under one +// or more contributor license agreements. See the NOTICE file +// distributed with this work for additional information +// regarding copyright ownership. The ASF licenses this file +// to you under the Apache License, Version 2.0 (the +// "License"); you may not use this file except in compliance +// with the License. You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, +// software distributed under the License is distributed on an +// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +// KIND, either express or implied. See the License for the +// specific language governing permissions and limitations +// under the License. +// +==== Resources +The propagation implements the provisioning on external resources. It depends on the assignment, directly or indirectly + (via memberships), of users/roles to external resources. +Users and roles can be assigned or linked to an external resource in three different ways: with a soft link, +with a hard link, without any link (see below for more details). +Each provisioning operation involving a certain user/role will be propagated (if permitted by resource connector +instance capabilities) towards each resource linked by the user/role object itself. +In general, the provisioning won't occur on a certain external resource if any direct/indirect link exists with +that resource. + +===== Manage external resource provisioning directly +Provisioning will occur on a certain external resource every time the operation involves users or roles assigned +to that resource. +Users and roles can be assigned to an external resource by defining a direct or indirect link between objects. 
+By the way, Apache Syncope empowers the possibility to control the existence of users/roles on external resources +giving the possibility to manage remote provisioning directly. +In fact, an authorized user (or an internal task - a pull task, for instance) can ask for + +* *link / unlink* users/roles to/from specific resources (soft link), +* *assign / unassign* users/roles to/from specific resources (hard link), +* *provision / de-provision* users/roles on/from specific resources (maybe, without any link). + +link/unlink:: +Apache Syncope gives the possibility to create and remove a sort of soft linking between users/roles and resources. +This kind of link doesn't imply any propagation at link creation/deletion time. +Provision/De-Provision:: +Apache Syncope gives the possibility to directly provision and de-provision users/roles on/from resources, without any +link in place. This provisioning feature (disjoint from the resource link mechanisms) is often very useful in case +of reclaims. +Assign/Unassign:: +Apache Syncope gives the possibility to create and remove a sort of hard linking between users/roles and resources. +This kind of link implies propagation at link creation/deletion time: it is the composition between link/unlink and +provision/de-provision operations. http://git-wip-us.apache.org/repos/asf/syncope/blob/c95b6ff5/src/main/asciidoc/reference-guide/extensions/extensions.adoc ---------------------------------------------------------------------- diff --git a/src/main/asciidoc/reference-guide/extensions/extensions.adoc b/src/main/asciidoc/reference-guide/extensions/extensions.adoc new file mode 100644 index 0000000..7da12d7 --- /dev/null +++ b/src/main/asciidoc/reference-guide/extensions/extensions.adoc 
@@ -0,0 +1,21 @@ +// +// Licensed to the Apache Software Foundation (ASF) under one +// or more contributor license agreements. See the NOTICE file +// distributed with this work for additional information +// regarding copyright ownership. The ASF licenses this file +// to you under the Apache License, Version 2.0 (the +// "License"); you may not use this file except in compliance +// with the License. You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, +// software distributed under the License is distributed on an +// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +// KIND, either express or implied. See the License for the +// specific language governing permissions and limitations +// under the License. +// +== Extensions + +=== Apache Camel \ No newline at end of file http://git-wip-us.apache.org/repos/asf/syncope/blob/c95b6ff5/src/main/asciidoc/reference-guide/iam/accessmanagers.adoc ---------------------------------------------------------------------- diff --git a/src/main/asciidoc/reference-guide/iam/accessmanagers.adoc b/src/main/asciidoc/reference-guide/iam/accessmanagers.adoc new file mode 100644 index 0000000..41470d5 --- /dev/null +++ b/src/main/asciidoc/reference-guide/iam/accessmanagers.adoc 
@@ -0,0 +1,23 @@ +// +// Licensed to the Apache Software Foundation (ASF) under one +// or more contributor license agreements. See the NOTICE file +// distributed with this work for additional information +// regarding copyright ownership. The ASF licenses this file +// to you under the Apache License, Version 2.0 (the +// "License"); you may not use this file except in compliance +// with the License. You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, +// software distributed under the License is distributed on an +// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +// KIND, either express or implied. See the License for the +// specific language governing permissions and limitations +// under the License. +// +==== Access Managers +As briefly mentioned before, in general an access manager is not an identity manager. An access management software +manages above all the authentication on a given environment. It provides the methods, generally called authentication +module, to manage the user authentication, the latter based on various identification systems as the password, +the fingerprint or based on various protocols as SAML and OAuth 2.0. http://git-wip-us.apache.org/repos/asf/syncope/blob/c95b6ff5/src/main/asciidoc/reference-guide/iam/iam.adoc ---------------------------------------------------------------------- diff --git a/src/main/asciidoc/reference-guide/iam/iam.adoc b/src/main/asciidoc/reference-guide/iam/iam.adoc new file mode 100644 index 0000000..f264ba7 --- /dev/null +++ b/src/main/asciidoc/reference-guide/iam/iam.adoc 
@@ -0,0 +1,36 @@ +// +// Licensed to the Apache Software Foundation (ASF) under one +// or more contributor license agreements. See the NOTICE file +// distributed with this work for additional information +// regarding copyright ownership. The ASF licenses this file +// to you under the Apache License, Version 2.0 (the +// "License"); you may not use this file except in compliance +// with the License. You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, +// software distributed under the License is distributed on an +// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +// KIND, either express or implied. See the License for the +// specific language governing permissions and limitations +// under the License. +// + +=== Identity and Access Management +Though Identity management and Access Management are often united, because the two management worlds often coexist in the +same projects or in the same environment, the two topics are completely different: each one has its context, its rules, +its best practices. On the other hand, many softwares have unorthodox implementations so you could do the same thing with +both of them. +However, in general as suggested by their name, the access management basically handles the access in a certain +environment providing some kind of credentials; on the contrary the identity management handles the digital identity +profile and its lifecycle. +Apache Syncope is an identity manager. + +include::identitystores.adoc[] + +include::provisioningengines.adoc[] + +include::accessmanagers.adoc[] + +include::thecompletepicture.adoc[] http://git-wip-us.apache.org/repos/asf/syncope/blob/c95b6ff5/src/main/asciidoc/reference-guide/iam/identitystores.adoc ---------------------------------------------------------------------- 
diff --git a/src/main/asciidoc/reference-guide/iam/identitystores.adoc b/src/main/asciidoc/reference-guide/iam/identitystores.adoc new file mode 100644 index 0000000..a2c8a81 --- /dev/null +++ b/src/main/asciidoc/reference-guide/iam/identitystores.adoc @@ -0,0 +1,35 @@ +// +// Licensed to the Apache Software Foundation (ASF) under one +// or more contributor license agreements. See the NOTICE file +// distributed with this work for additional information +// regarding copyright ownership. The ASF licenses this file +// to you under the Apache License, Version 2.0 (the +// "License"); you may not use this file except in compliance +// with the License. You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, +// software distributed under the License is distributed on an +// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +// KIND, either express or implied. See the License for the +// specific language governing permissions and limitations +// under the License. +// +==== Identity Stores +An identity store is the place where digital identities are stored. Of course there are various store types, the most +famous are: + +* Microsoft Active Directory; +* LDAP +** OpenLDAP; +** FreeIPA; +** ForgeRock OpenDJ; +** 389 Directory Server; +* DBMS +** MySQL +** PostgreSQL +** Oracle + +From Apache Syncope point of view, an identity store is viewed as an integrated resource with a communication based +on the identity connectors. http://git-wip-us.apache.org/repos/asf/syncope/blob/c95b6ff5/src/main/asciidoc/reference-guide/iam/provisioningengines.adoc ---------------------------------------------------------------------- diff --git a/src/main/asciidoc/reference-guide/iam/provisioningengines.adoc b/src/main/asciidoc/reference-guide/iam/provisioningengines.adoc new file mode 100644 index 0000000..b317d5d --- /dev/null 
+++ b/src/main/asciidoc/reference-guide/iam/provisioningengines.adoc @@ -0,0 +1,32 @@ +// +// Licensed to the Apache Software Foundation (ASF) under one +// or more contributor license agreements. See the NOTICE file +// distributed with this work for additional information +// regarding copyright ownership. The ASF licenses this file +// to you under the Apache License, Version 2.0 (the +// "License"); you may not use this file except in compliance +// with the License. You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, +// software distributed under the License is distributed on an +// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +// KIND, either express or implied. See the License for the +// specific language governing permissions and limitations +// under the License. +// +==== Provisioning Engines +A provisioning engine is a software able to execute some operation on the profile of a digital identity. +Precisely this operation could be run to manage a user lifecycle, the _CRUD_ operation to persist the user on an +identity store: + +* Create +* Read +* Update +* Delete + +or could be the operations able to modify the user profile in order to activate or deactivate its digital identity, or +could be the operations to add or remove a role from an user profile to achieve the RBAC (Role-based access control) +in an environment and so on. Definitely a provisioning engine manages the digital identity user profile in a centralized +way. http://git-wip-us.apache.org/repos/asf/syncope/blob/c95b6ff5/src/main/asciidoc/reference-guide/iam/thecompletepicture.adoc ---------------------------------------------------------------------- diff --git a/src/main/asciidoc/reference-guide/iam/thecompletepicture.adoc b/src/main/asciidoc/reference-guide/iam/thecompletepicture.adoc new file mode 100644 index 0000000..c05b97c --- /dev/null 
+++ b/src/main/asciidoc/reference-guide/iam/thecompletepicture.adoc @@ -0,0 +1,22 @@ +// +// Licensed to the Apache Software Foundation (ASF) under one +// or more contributor license agreements. See the NOTICE file +// distributed with this work for additional information +// regarding copyright ownership. The ASF licenses this file +// to you under the Apache License, Version 2.0 (the +// "License"); you may not use this file except in compliance +// with the License. You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, +// software distributed under the License is distributed on an +// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +// KIND, either express or implied. See the License for the +// specific language governing permissions and limitations +// under the License. +// +==== The Complete Picture + +[.text-center] +image::iam-scenario.png[title="IAM Scenario",alt="IAM Scenario"] http://git-wip-us.apache.org/repos/asf/syncope/blob/c95b6ff5/src/main/asciidoc/reference-guide/reference-guide.adoc ---------------------------------------------------------------------- diff --git a/src/main/asciidoc/reference-guide/reference-guide.adoc b/src/main/asciidoc/reference-guide/reference-guide.adoc new file mode 100644 index 0000000..5253244 --- /dev/null +++ b/src/main/asciidoc/reference-guide/reference-guide.adoc 
@@ -0,0 +1,77 @@ +// +// Licensed to the Apache Software Foundation (ASF) under one +// or more contributor license agreements. See the NOTICE file +// distributed with this work for additional information +// regarding copyright ownership. The ASF licenses this file +// to you under the Apache License, Version 2.0 (the +// "License"); you may not use this file except in compliance +// with the License. You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, +// software distributed under the License is distributed on an +// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +// KIND, either express or implied. See the License for the +// specific language governing permissions and limitations +// under the License. +// + +// Quick reference: http://asciidoctor.org/docs/asciidoc-syntax-quick-reference/ +// User manual: http://asciidoctor.org/docs/user-manual/ +// Tricks: https://leanpub.com/awesomeasciidoctornotebook/read + +:homepage: http://syncope.apache.org +:description: Comprehensive guide about Apache Syncope +:keywords: Apache Syncope, IdM, provisioning, identity management, reference, guide + +:docinfo1: +:last-update-label!: +:sectanchors: +:sectnums: +:sectlinks: + += Apache Syncope - Reference Guide +:revnumber: {docVersion} +:toc: right +:toclevels: 4 + +image::http://syncope.apache.org/images/apache-syncope-logo-small.jpg[Apache Syncope logo] + +[NOTE] +.This document is under active development and discussion! +If you find errors or omissions in this document, please don’t hesitate to +http://syncope.apache.org/issue-tracking.html[submit an issue] or +https://github.com/apache/syncope/pulls[open a pull request] with +a fix. We also encourage you to ask questions and discuss any aspects of the project on the +http://syncope.apache.org/mailing-lists.html[mailing lists or IRC]. +New contributors are always welcome! 
+ +[discrete] +== Preface +This reference guide covers Apache Syncope services for identity management, +provisioning, and compliance. + +== Introduction + +*Apache Syncope* is an Open Source system for managing digital identities in enterprise environments, implemented in +Java EE technology and released under the Apache 2.0 license. + +*Identity Management* (or IdM) means to manage user data on systems and applications, using the combination of +business processes and IT. IdM involves considering user attributes, roles, resources and entitlements in trying to answer the +following thorny question: + +[.text-center] +_Who has access to What, When, How, and Why?_ + +include::iam/iam.adoc[] + +include::architecture/architecture.adoc[] + +include::concepts/concepts.adoc[] + +include::workingwithapachesyncope/workingwithapachesyncope.adoc[] + +include::extensions/extensions.adoc[] + +include::usecases/usecases.adoc[] http://git-wip-us.apache.org/repos/asf/syncope/blob/c95b6ff5/src/main/asciidoc/reference-guide/usecases/usecases.adoc ---------------------------------------------------------------------- diff --git a/src/main/asciidoc/reference-guide/usecases/usecases.adoc b/src/main/asciidoc/reference-guide/usecases/usecases.adoc new file mode 100644 index 0000000..aa10511 --- /dev/null +++ b/src/main/asciidoc/reference-guide/usecases/usecases.adoc 
@@ -0,0 +1,19 @@ +// +// Licensed to the Apache Software Foundation (ASF) under one +// or more contributor license agreements. See the NOTICE file +// distributed with this work for additional information +// regarding copyright ownership. The ASF licenses this file +// to you under the Apache License, Version 2.0 (the +// "License"); you may not use this file except in compliance +// with the License. You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, +// software distributed under the License is distributed on an +// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +// KIND, either express or implied. See the License for the +// specific language governing permissions and limitations +// under the License. +// +== Use cases \ No newline at end of file http://git-wip-us.apache.org/repos/asf/syncope/blob/c95b6ff5/src/main/asciidoc/reference-guide/workingwithapachesyncope/adminconsole/adminconsole.adoc ---------------------------------------------------------------------- diff --git a/src/main/asciidoc/reference-guide/workingwithapachesyncope/adminconsole/adminconsole.adoc b/src/main/asciidoc/reference-guide/workingwithapachesyncope/adminconsole/adminconsole.adoc new file mode 100644 index 0000000..3be38cc --- /dev/null +++ b/src/main/asciidoc/reference-guide/workingwithapachesyncope/adminconsole/adminconsole.adoc 
@@ -0,0 +1,46 @@ +// +// Licensed to the Apache Software Foundation (ASF) under one +// or more contributor license agreements. See the NOTICE file +// distributed with this work for additional information +// regarding copyright ownership. The ASF licenses this file +// to you under the Apache License, Version 2.0 (the +// "License"); you may not use this file except in compliance +// with the License. You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, +// software distributed under the License is distributed on an +// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +// KIND, either express or implied. See the License for the +// specific language governing permissions and limitations +// under the License. +// +=== Admin Console +Once Apache Syncope applications have been deployed, you can go to the following url to access the admin console. +[source] +-- +http://host:port/syncope-console/ +-- + +where `host` and `port` reflect your Java EE container installation. + +You should be greeted with the following web page. + +image::consoleLogin.png[console-login] + +The default admin password for a fresh installation is "password". Enter your credentials and press Login. + +==== Pages + +include::dashboard.adoc[] + +include::realms.adoc[] + +include::topology.adoc[] + +include::reports.adoc[] + +include::configuration.adoc[] + +include::extensions.adoc[] http://git-wip-us.apache.org/repos/asf/syncope/blob/c95b6ff5/src/main/asciidoc/reference-guide/workingwithapachesyncope/adminconsole/configuration.adoc ---------------------------------------------------------------------- diff --git a/src/main/asciidoc/reference-guide/workingwithapachesyncope/adminconsole/configuration.adoc b/src/main/asciidoc/reference-guide/workingwithapachesyncope/adminconsole/configuration.adoc new file mode 100644 index 0000000..87c4419 --- /dev/null 
+++ b/src/main/asciidoc/reference-guide/workingwithapachesyncope/adminconsole/configuration.adoc 
@@ -0,0 +1,60 @@ +// +// Licensed to the Apache Software Foundation (ASF) under one +// or more contributor license agreements. See the NOTICE file +// distributed with this work for additional information +// regarding copyright ownership. The ASF licenses this file +// to you under the Apache License, Version 2.0 (the +// "License"); you may not use this file except in compliance +// with the License. You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, +// software distributed under the License is distributed on an +// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +// KIND, either express or implied. See the License for the +// specific language governing permissions and limitations +// under the License. +// + +===== Configuration +The configuration tab allows the admin to customize the syncope deployment to fit the needs of the +organization. It provides the following functionality + +Audit:: + +Allows the admin to inspect the functionality of various components of the syncope deployment. + +Logs:: + +The admin can set the level of logs that are to be displayed. For example, the admin can set it +to display only the errors of io.swagger, in which case the warnings and information logs will +not be displayed. + +Notifications:: + +This allows the admin to set events and corresponding templates for mail notification to be sent +to the users. Trace level defines the condition in which an event will trigger the sending of a +notification. Templates for such notifications can also be added and edited using this tab. + +Parameters:: + +Presents the user with a list of key value pairs containing variables used in the syncope +deployment such as token.expireTime and password.cipher.algorithm . These can be edited by the +admin to further customize the deployment. + +Policies:: + +Allows the admin to define rules for account, passwords and pulls. 
Accounts and password policies +are defined using java classes while pull policies are defined from within the console using +correlation rules. + +Roles:: + +Displays and provides editing functionality for roles and their corresponding entitlements along +with the realms that they are enforced upon. + +Security Question:: + +The admin can use this to define a set of security questions which the endusers can choose from +to allow them to recover their account in case of a forgotten password. http://git-wip-us.apache.org/repos/asf/syncope/blob/c95b6ff5/src/main/asciidoc/reference-guide/workingwithapachesyncope/adminconsole/dashboard.adoc ---------------------------------------------------------------------- diff --git a/src/main/asciidoc/reference-guide/workingwithapachesyncope/adminconsole/dashboard.adoc b/src/main/asciidoc/reference-guide/workingwithapachesyncope/adminconsole/dashboard.adoc new file mode 100644 index 0000000..51c3663 --- /dev/null +++ b/src/main/asciidoc/reference-guide/workingwithapachesyncope/adminconsole/dashboard.adoc 
@@ -0,0 +1,56 @@ +// +// Licensed to the Apache Software Foundation (ASF) under one +// or more contributor license agreements. See the NOTICE file +// distributed with this work for additional information +// regarding copyright ownership. The ASF licenses this file +// to you under the Apache License, Version 2.0 (the +// "License"); you may not use this file except in compliance +// with the License. You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, +// software distributed under the License is distributed on an +// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +// KIND, either express or implied. See the License for the +// specific language governing permissions and limitations +// under the License. +// + +===== Dashboard +The dashboard provides an overall view of the current state of the syncope deployment. It +consists of various widgets and tabs that show the different metrics and details of each component +of the syncope deployment. + +image::consoleDashboard.png[console-dashboard] + +Overview:: + +Contains widgets to display + +* Number of users +* Number of groups +* Number of external resource instances available (Printer as a default) +* Number of resources +* Configuration Status: Shows the status of missing or incomplete configurations. +* System Load: Shows the CPU and Memory usage of the syncope deployment on the server. +* User Status: Shows the status of tasks for admin such as provisioning resources to user. 
+* Users, Groups and Any Objects Distribution + +Control:: + +Allows admin to + +* Run a predefined list of jobs +* View Reconciliation status of recently run jobs + +Extensions:: + +The default syncope installation comes with camel metrics enabled which allows the user to see how +many + +* Users have been activated +* Passwords have been reset +* Objects have been created +* Groups have been created +* Group pulls have been created... http://git-wip-us.apache.org/repos/asf/syncope/blob/c95b6ff5/src/main/asciidoc/reference-guide/workingwithapachesyncope/adminconsole/extensions.adoc ---------------------------------------------------------------------- diff --git a/src/main/asciidoc/reference-guide/workingwithapachesyncope/adminconsole/extensions.adoc b/src/main/asciidoc/reference-guide/workingwithapachesyncope/adminconsole/extensions.adoc new file mode 100644 index 0000000..2b67000 --- /dev/null +++ b/src/main/asciidoc/reference-guide/workingwithapachesyncope/adminconsole/extensions.adoc 
@@ -0,0 +1,26 @@ +// +// Licensed to the Apache Software Foundation (ASF) under one +// or more contributor license agreements. See the NOTICE file +// distributed with this work for additional information +// regarding copyright ownership. The ASF licenses this file +// to you under the Apache License, Version 2.0 (the +// "License"); you may not use this file except in compliance +// with the License. You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, +// software distributed under the License is distributed on an +// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +// KIND, either express or implied. See the License for the +// specific language governing permissions and limitations +// under the License. +// + +===== Extensions +The extensions tab shows the extensions installed on the given Apache Syncope deployment. + +Among the available extensions, the one for Apache Camel-based provisioning is often installed: users can inspect the +performance measures for the various routes defined. + +image::consoleCamelExtension.png[console-camel-extension] http://git-wip-us.apache.org/repos/asf/syncope/blob/c95b6ff5/src/main/asciidoc/reference-guide/workingwithapachesyncope/adminconsole/realms.adoc ---------------------------------------------------------------------- diff --git a/src/main/asciidoc/reference-guide/workingwithapachesyncope/adminconsole/realms.adoc b/src/main/asciidoc/reference-guide/workingwithapachesyncope/adminconsole/realms.adoc new file mode 100644 index 0000000..3f9d89f --- /dev/null +++ b/src/main/asciidoc/reference-guide/workingwithapachesyncope/adminconsole/realms.adoc 
@@ -0,0 +1,63 @@ +// +// Licensed to the Apache Software Foundation (ASF) under one +// or more contributor license agreements. See the NOTICE file +// distributed with this work for additional information +// regarding copyright ownership. The ASF licenses this file +// to you under the Apache License, Version 2.0 (the +// "License"); you may not use this file except in compliance +// with the License. You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, +// software distributed under the License is distributed on an +// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +// KIND, either express or implied. See the License for the +// specific language governing permissions and limitations +// under the License. +// + +===== Realms +The realms tab provides the admin with the power to manage users, groups and any objects, for all any types defined. + +image::realmsUser.png[console-realms-user] + +User:: + +Allows the admin to + +* Create user +* Force password change for user +* Manage resources available to user +* Enable/Disable users +* Clone a user +* Edit user details +* View and edit propagation tasks of user +* View and edit notification tasks of user +* Delete user + +Group:: + +Allows admin to + +* Create group +* Clone a group +* Edit group details +* View, create and edit extensions +* View and edit propagation tasks of group +* View and edit notification tasks of group +* Provision members +* Deprovision members +* Delete group + +Printers:: + +The default syncope installation comes with printers add as a object. This can be reconfigured for +other things such as folders and services. 
+ +* Add a new printer +* Clone a printer entry +* Edit printer details +* View and edit propagation tasks of printer +* View and edit notification tasks of printer +* Delete printer http://git-wip-us.apache.org/repos/asf/syncope/blob/c95b6ff5/src/main/asciidoc/reference-guide/workingwithapachesyncope/adminconsole/reports.adoc ---------------------------------------------------------------------- diff --git a/src/main/asciidoc/reference-guide/workingwithapachesyncope/adminconsole/reports.adoc b/src/main/asciidoc/reference-guide/workingwithapachesyncope/adminconsole/reports.adoc new file mode 100644 index 0000000..907b9ae --- /dev/null +++ b/src/main/asciidoc/reference-guide/workingwithapachesyncope/adminconsole/reports.adoc 
@@ -0,0 +1,32 @@ +// +// Licensed to the Apache Software Foundation (ASF) under one +// or more contributor license agreements. See the NOTICE file +// distributed with this work for additional information +// regarding copyright ownership. The ASF licenses this file +// to you under the Apache License, Version 2.0 (the +// "License"); you may not use this file except in compliance +// with the License. You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, +// software distributed under the License is distributed on an +// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +// KIND, either express or implied. See the License for the +// specific language governing permissions and limitations +// under the License. +// + +===== Reports +The reports tab presents the admin with the reports generated from various jobs run on the syncope +deployment. These reports are displayed using report templates which can be defined for FO, HTML +and CSV formats. This tab also allows the admin to create and edit such templates. + +Missing information: + +* reports can be run several times, each execution can be exported in the supported formats +* reports can be defined by composing reportlet instances +* predefined reportlets are available, more can be developed + +image::consoleReports.png[console-reports] + http://git-wip-us.apache.org/repos/asf/syncope/blob/c95b6ff5/src/main/asciidoc/reference-guide/workingwithapachesyncope/adminconsole/topology.adoc ---------------------------------------------------------------------- diff --git a/src/main/asciidoc/reference-guide/workingwithapachesyncope/adminconsole/topology.adoc b/src/main/asciidoc/reference-guide/workingwithapachesyncope/adminconsole/topology.adoc new file mode 100644 index 0000000..efbc43f2 --- /dev/null +++ b/src/main/asciidoc/reference-guide/workingwithapachesyncope/adminconsole/topology.adoc 
@@ -0,0 +1,26 @@ +// +// Licensed to the Apache Software Foundation (ASF) under one +// or more contributor license agreements. See the NOTICE file +// distributed with this work for additional information +// regarding copyright ownership. The ASF licenses this file +// to you under the Apache License, Version 2.0 (the +// "License"); you may not use this file except in compliance +// with the License. You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, +// software distributed under the License is distributed on an +// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +// KIND, either express or implied. See the License for the +// specific language governing permissions and limitations +// under the License. +// + +===== Topology +The topology tab provides a mapped view of the available connector bundles, instances and +resources available and configured in the syncope deployment. It also allows the admin to perform +all the actions listed in the realms tab. + +image::consoleTopology.png[console-topology] + http://git-wip-us.apache.org/repos/asf/syncope/blob/c95b6ff5/src/main/asciidoc/reference-guide/workingwithapachesyncope/cli/cli.adoc ---------------------------------------------------------------------- diff --git a/src/main/asciidoc/reference-guide/workingwithapachesyncope/cli/cli.adoc b/src/main/asciidoc/reference-guide/workingwithapachesyncope/cli/cli.adoc new file mode 100644 index 0000000..71a7246 --- /dev/null +++ b/src/main/asciidoc/reference-guide/workingwithapachesyncope/cli/cli.adoc 
@@ -0,0 +1,64 @@ +// +// Licensed to the Apache Software Foundation (ASF) under one +// or more contributor license agreements. See the NOTICE file +// distributed with this work for additional information +// regarding copyright ownership. The ASF licenses this file +// to you under the Apache License, Version 2.0 (the +// "License"); you may not use this file except in compliance +// with the License. You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, +// software distributed under the License is distributed on an +// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +// KIND, either express or implied. See the License for the +// specific language governing permissions and limitations +// under the License. +// +=== CLI + +Once you have downloaded and unzipped the zip file containing the scripts, you will find a `lib` directory and +two scripts: `syncopeadm.sh` and `syncopeadm.bat`. +You will use one of these files, depending on your operating system. + +[NOTE] +Every example described in this document is executed on a GNU / Linux machine with a _debug environment_. + +include::installation.adoc[] + +==== Commands + +include::schema.adoc[] + +include::connector.adoc[] + +include::resource.adoc[] + +include::user.adoc[] + +include::group.adoc[] + +include::role.adoc[] + +include::realm.adoc[] + +include::question.adoc[] + +include::configuration.adoc[] + +include::logger.adoc[] + +include::task.adoc[] + +include::notification.adoc[] + +include::report.adoc[] + +include::policy.adoc[] + +include::info.adoc[] + +include::entitlement.adoc[] + +include::domain.adoc[] http://git-wip-us.apache.org/repos/asf/syncope/blob/c95b6ff5/src/main/asciidoc/reference-guide/workingwithapachesyncope/cli/configuration.adoc ---------------------------------------------------------------------- 
diff --git a/src/main/asciidoc/reference-guide/workingwithapachesyncope/cli/configuration.adoc b/src/main/asciidoc/reference-guide/workingwithapachesyncope/cli/configuration.adoc new file mode 100644 index 0000000..3e86789 --- /dev/null +++ b/src/main/asciidoc/reference-guide/workingwithapachesyncope/cli/configuration.adoc 
@@ -0,0 +1,54 @@ +// +// Licensed to the Apache Software Foundation (ASF) under one +// or more contributor license agreements. See the NOTICE file +// distributed with this work for additional information +// regarding copyright ownership. The ASF licenses this file +// to you under the Apache License, Version 2.0 (the +// "License"); you may not use this file except in compliance +// with the License. You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, +// software distributed under the License is distributed on an +// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +// KIND, either express or implied. See the License for the +// specific language governing permissions and limitations +// under the License. +// + +===== Configuration command +The configuration command retrieves information about the Syncope configuration. + +[discrete] +====== Help message +[source,bash] +---- +Usage: configuration [options] + Options: + --help + --get + --read + Syntax: --read {CONF-NAME} {CONF-NAME} [...] + --update + Syntax: --update {CONF-NAME}={CONF-VALUE} {CONF-NAME}={CONF-VALUE} [...] + --delete + Syntax: --delete {CONF-NAME} {CONF-NAME} [...] + --export + Syntax: --export {WHERE-DIR} + +---- + +[discrete] +====== Options + +--get:: +This get option shows a table with the Syncope configuration. +--read:: +The option to read the value of specified configuration attributes. +--update:: +The option to update a value of specified configuration attributes. +--delete:: +The option to delete specified configuration attributes. +--export:: +The option to export the Syncope configuration to a specified directory. http://git-wip-us.apache.org/repos/asf/syncope/blob/c95b6ff5/src/main/asciidoc/reference-guide/workingwithapachesyncope/cli/connector.adoc ---------------------------------------------------------------------- 
diff --git a/src/main/asciidoc/reference-guide/workingwithapachesyncope/cli/connector.adoc b/src/main/asciidoc/reference-guide/workingwithapachesyncope/cli/connector.adoc new file mode 100644 index 0000000..758ac96 --- /dev/null +++ b/src/main/asciidoc/reference-guide/workingwithapachesyncope/cli/connector.adoc 
@@ -0,0 +1,55 @@ +// +// Licensed to the Apache Software Foundation (ASF) under one +// or more contributor license agreements. See the NOTICE file +// distributed with this work for additional information +// regarding copyright ownership. The ASF licenses this file +// to you under the Apache License, Version 2.0 (the +// "License"); you may not use this file except in compliance +// with the License. You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, +// software distributed under the License is distributed on an +// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +// KIND, either express or implied. See the License for the +// specific language governing permissions and limitations +// under the License. +// + +===== Connector command +The connector command serves to retrieve information about the connector configuration in Apache Syncope. + +[discrete] +====== Help message +[source,bash] +---- +Usage: connector [options] + Options: + --help + --details + --list + --list-bundles + --list-configuration-properties + Syntax: --list-configuration-properties {CONNECTOR-ID} {CONNECTOR-ID} [...] + --read + Syntax: --read {CONNECTOR-ID} {CONNECTOR-ID} [...] + --delete + Syntax: --delete {CONNECTOR-ID} {CONNECTOR-ID} [...] +---- + +[discrete] +====== Options + +--details:: +This option shows a table with some details about connectors and bundles. +--list:: +Running the command with this option you will see the list of connectors with their configuration. +--list-bundles:: +Running the command with this option you will see the list of the bundles available in Syncope. +--list-configuration-properties:: +This option lists the configuration of specified connectors. +--read:: +The option to read all the information of specified connectors. +--delete:: +The option to delete a specified connector.
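Review bot: in reference-guide/usecases/usecases.adoc, the new file contains only the license header and the `== Use cases` heading, and the diff shows "\ No newline at end of file". Since reference-guide.adoc includes this file last, the rendered guide ends on an empty numbered section. Add a one-line placeholder paragraph saying the content is pending, or drop the include until there is content, and end the file with a newline.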
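Review bot: in adminconsole/adminconsole.adoc, the sentence `The default admin password for a fresh installation is "password".` documents a default credential with no instruction to change it, and the console address above it is given as `http://host:port/syncope-console/`. Suggest an admonition block directly after that sentence telling the reader to change the admin password before the deployment is reachable by anyone else, with a pointer to where that is done. The text also never states the admin username that goes with the password, and it would help to say that the login page should be served over HTTPS outside a local test setup.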
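Review bot: in adminconsole/configuration.adoc, the Parameters entry names `token.expireTime` and `password.cipher.algorithm` as values the admin can edit "to further customize the deployment" without saying what each one controls or what a change does to existing data, for example whether already stored passwords are affected when the cipher algorithm is changed. A sentence per parameter or a cross-reference would cover it. Smaller points in the same hunk: the Audit entry ("inspect the functionality of various components") does not say what is audited; "It provides the following functionality" needs a closing colon; there is a stray space before the period after `password.cipher.algorithm`; "endusers" should be "end users"; and "syncope" should be capitalized consistently.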
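Review bot: in adminconsole/dashboard.adoc, the Extensions list ends with "Group pulls have been created...", and the trailing ellipsis leaves the reader guessing which other metrics exist; either complete the list or say it is a sample. In the Overview list, "Number of external resource instances available (Printer as a default)" sits next to "Number of resources" and calls Printer an external resource, while realms.adoc in this same commit presents printers as an object type. Pick one term and use it in both files.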
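Review bot: in adminconsole/realms.adoc, the Printers entry reads "comes with printers add as a object", which should be "added as an object", and its bullet list has no lead-in such as the "Allows the admin to" used under User and Group. The opening sentence "manage users, groups and any objects, for all any types defined" is hard to parse for a reader who has not yet met the term "any type"; link it to the concepts section or define it in a few words. Since the page lists sensitive operations (force password change, enable/disable, delete), a pointer to the Roles entry in configuration.adoc for the entitlements involved would also help.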
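Review bot: in adminconsole/reports.adoc, the line "Missing information:" followed by three bullets reads like an author TODO that will be rendered as body text in the published guide. Either fold the three points into the paragraph above (reports can be run several times and each execution exported, reports are composed of reportlet instances, predefined reportlets exist), or keep them as `//` comments until the section is written.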
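Review bot: in cli/configuration.adoc, the intro says the command "retrieves information about the Syncope configuration", but the help text lists `--update` and `--delete`, which change it; "reads and modifies" would be accurate. For `--export`, state what the exported files contain and, if they can hold sensitive values, that the target directory should be restricted to the operator. The help block is tagged `[source,bash]` although it is program output rather than shell, so plain `[source]` avoids misleading highlighting, and the empty line before the closing `----` can go.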
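Review bot: in cli/connector.adoc, the `--delete` description says "delete a specified connector" while its syntax line accepts `{CONNECTOR-ID} {CONNECTOR-ID} [...]`; make the description plural, and change the intro ("serves to retrieve information") since the command can also delete. The difference between `--list` ("connectors with their configuration"), `--list-configuration-properties` ("the configuration of specified connectors") and `--read` ("all the information of specified connectors") is not clear from these one-liners; say what each returns that the others do not. `--details` ("some details") has the same problem.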