Configuration OptionsOpenIDM configuration is split between .properties and container
configuration files, and also dynamic configuration objects. The majority
of OpenIDM configuration files are stored under
openidm/conf/, as described in the appendix listing the
File
Layout.OpenIDM stores configuration objects in its internal repository.
You can manage the configuration by using either the REST access to the
configuration objects, or by using the JSON file based viewsAbout Configuration ObjectsObjectsConfiguration objectsConfigurationObjectsOpenIDM exposes internal configuration objects in JSON. Configuration
elements can be either have single instances or multiple instances for
an OpenIDM installation.Single Instance Configuration ObjectsSingle instance configuration objects correspond to services that have
at most one instance per installation.JSON file views of these configuration objects are named
object-name.json.The audit configuration specifies how audit
events are logged.The authentication configuration controls
REST access.The managed configuration defines managed
objects and their schemas.The repo.repo-type
configuration such as repo.orientdb or
repo.jdbc configures the internal repository.The router configuration specifies filters to
apply for specific operations.The sync configuration defines all the mappings
OpenIDM uses when synchronizing and reconciling managed objects.Multiple Instance Configuration ObjectsMultiple instance configuration objects correspond to services that
can have many instances per installation.Configuration objects are named
objectname/instancename. For instance provisioner.openicf/xml.JSON file views of these configuration objects are named
objectname-instancename.json. For instance provisioner.openicf-xml.json.Multiple scheduler configurations can run
reconciliations on different schedules.Multiple provisioner.openicf configurations
correspond to the resources connected to OpenIDM.When Changing the ConfigurationWhen changing OpenIDM's configuration objects, take the following
points into account.OpenIDM's authoritative configuration source is the internal
repository. JSON files provide a view of the configuration objects, but
do not represent the authoritative source.OpenIDM updates JSON files after making configuration changes,
whether those changes are made through REST access to configuration
objects, or through edits to the JSON files.OpenIDM recognizes changes to JSON files when it is running. OpenIDM
must be running when you delete configuration objects, even if you do so
by editing the JSON files.Avoid directly editing configuration objects in the internal
repository. Use either REST access or JSON files to ensure consistent
behavior and that operations are logged.Configuring OpenIDM Over RESTREST APIConfigurationREST APIOpenIDM exposes configuration objects under the
/openidm/config context.REST APIListing configuration objectsYou can list the configuration on the local host by performing a GET
http://localhost:8080/openidm/config.$ curl
--header "X-OpenIDM-Username: openidm-admin"
--header "X-OpenIDM-Password: openidm-admin"
http://localhost:8080/openidm/config
{
"configurations": [
{
"_id": "managed",
"pid": "managed",
"factoryPid": null
},
{
"_id": "repo.orientdb",
"pid": "repo.orientdb",
"factoryPid": null
},
{
"_id": "scheduler/reconcile_systemXmlAccounts_managedUser",
"pid": "scheduler.adc5cd2f-7086-4e30-9d80-b36077861868",
"factoryPid": "scheduler"
},
{
"_id": "org.apache.felix.fileinstall/openidm",
"pid":
"org.apache.felix.fileinstall.abb696a2-95c6-4432-ae74-ba60a319d1bb",
"factoryPid": "org.apache.felix.fileinstall"
},
{
"_id": "sync",
"pid": "sync",
"factoryPid": null
},
{
"_id": "audit",
"pid": "audit",
"factoryPid": null
},
{
"_id": "provisioner.openicf/xml",
"pid": "provisioner.openicf.10e2dd6d-442d-466c-a077-643bb53e2006",
"factoryPid": "provisioner.openicf"
},
{
"_id": "router",
"pid": "router",
"factoryPid": null
},
{
"_id": "authentication",
"pid": "authentication",
"factoryPid": null
}
]
}You can find single instance configuration objects under
openidm/config/object-name.
The following example shows the default audit
configuration.$ curl
--header "X-OpenIDM-Username: openidm-admin"
--header "X-OpenIDM-Password: openidm-admin"
http://localhost:8080/openidm/config/audit
{
"eventTypes": {
"activity": {
"filter": {
"actions": [
"create",
"update",
"delete",
"patch",
"action"
]
}
},
"recon": {}
},
"logTo": [
{
"logType": "csv",
"location": "audit",
"recordDelimiter": ";"
},
{
"logType": "repository"
}
]
}Multiple instance configuration objects are found under
openidm/config/object-name/instance-name.
The following example shows the configuration for the XML connector
provisioner.$ curl
--header "X-OpenIDM-Username: openidm-admin"
--header "X-OpenIDM-Password: openidm-admin"
http://localhost:8080/openidm/config/provisioner.openicf/xml
{
"name": "xmlfile",
"connectorRef": {
"bundleName":
"org.forgerock.openicf.connectors.file.openicf-xml-connector",
"bundleVersion": "",
"connectorName": "com.forgerock.openicf.xml.XMLConnector"
},
"producerBufferSize": 100,
"connectorPoolingSupported": true,
"poolConfigOption": {
"maxObjects": 10,
"maxIdle": 10,
"maxWait": 150000,
"minEvictableIdleTimeMillis": 120000,
"minIdle": 1
},
"operationTimeout": {
"CREATE": -1,
"TEST": -1,
"AUTHENTICATE": -1,
"SEARCH": -1,
"VALIDATE": -1,
"GET": -1,
"UPDATE": -1,
"DELETE": -1,
"SCRIPT_ON_CONNECTOR": -1,
"SCRIPT_ON_RESOURCE": -1,
"SYNC": -1,
"SCHEMA": -1
},
"configurationProperties": {
"xsdIcfFilePath": "samples/sample1/data/resource-schema-1.xsd",
"xsdFilePath": "samples/sample1/data/resource-schema-extension.xsd",
"xmlFilePath": "samples/sample1/data/xmlConnectorData.xml"
},
"objectTypes": {
"account": {
"$schema": "http://json-schema.org/draft-03/schema",
"id": "__ACCOUNT__",
"type": "object",
"nativeType": "__ACCOUNT__",
"properties": {
"description": {
"type": "string",
"nativeName": "__DESCRIPTION__",
"nativeType": "string"
},
"firstname": {
"type": "string",
"nativeName": "firstname",
"nativeType": "string"
},
"email": {
"type": "array",
"items": {
"type": "string",
"nativeType": "string"
},
"nativeName": "email",
"nativeType": "string"
},
"__UID__": {
"type": "string",
"nativeName": "__UID__"
},
"password": {
"type": "string",
"required": false,
"nativeName": "__PASSWORD__",
"nativeType": "JAVA_TYPE_GUARDEDSTRING",
"flags": [
"NOT_READABLE",
"NOT_RETURNED_BY_DEFAULT"
]
},
"name": {
"type": "string",
"required": true,
"nativeName": "__NAME__",
"nativeType": "string"
},
"lastname": {
"type": "string",
"required": true,
"nativeName": "lastname",
"nativeType": "string"
}
}
}
},
"operationOptions": {}
}See the REST API
Reference appendix for additional details and
examples using REST access to update and patch objects.