Hi Naaman,
Il 21/08/19 13:15, Naaman Hart ha scritto:
Hey Syncope,
We're looking at a way of provisioning identities into a cloud based
PaaS that's under development. The application we're going to host is
LDAP only so we're thinking of hosting an AWS managed AD within and
then using Syncope (installed on customer site) to pull from their AD
and push to ours. Thereby giving us identities that we could refer to
when we provide SAML SSO via their IDP.
Questions are basically the below.
1. Is Syncope the right tool to be used as a collection/sync 'agent'
for this purpose.
Short answer: Yes.
Long answer: As far as I understood you need to migrate users (and also
groups?) from one AD to another. You can easily do this by configuring
two AD resources [1], and, with a pull operation [2], provision them to
Syncope and to destination AD (on AWS). In order to do this you can also
consider to add custom logic (to make some intermediate data
elaboration) to the pull operation by developing a custom pull action in
Java or Groovy [3].
1.
2. Can we slim Syncope down sufficiently that we can give it to a
customer with specific instructions to allow them to use it for
syncing. We want it fairly simple because there's no guarantee of
the level of experience we'd meet on the customer end. A barebones
install also would mean greater flexibility in asking the customer
to host this for us. If it’s too intensive then they may push
back on hosting it.
Do you mean to have a barebone installation of the UI, i.e. admin console?
If so, actual console is the reference implementation; it can be easily
customized since it has been developed using Apache Wicket, an
extensible Java framework for frontends [4]. In other words you can
"shrink to the bone" the actual admin console in order to expose only
some functionalities.
Moreover, if console does not fit your needs, you can consider
developing a custom frontend application that interacts with Syncope.
This is easily doable since Syncope core exposes REST APIs, take a look
at [5] and [6].
Thanks in advance for having a look at this. Any guidance is greatly
appreciated.
Cheers,
Glad to hear about your interest in Syncope :)
Best regards,
Andrea
[1]
https://syncope.apache.org/docs/2.1/reference-guide.html#external-resources
[2]
https://syncope.apache.org/docs/2.1/reference-guide.html#provisioning-pull
[3] https://syncope.apache.org/docs/2.1/reference-guide.html#pullactions
_[4]_ https://wicket.apache.org/
_[5] _
<https://syncope.apache.org/docs/2.1/reference-guide.html#pullactions>https://syncope.apache.org/docs/2.1/reference-guide.html#architecture
[6]
<https://syncope.apache.org/docs/2.1/reference-guide.html#pullactions>https://syncope.apache.org/docs/2.1/reference-guide.html#rest
**
*Naaman Hart*
Cloud DevOps Architect, Strategic Programs
Mobile: +44 (0) 7733 107459
_<https://www.alfresco.com/>_<https://twitter.com/alfresco>__<https://www.facebook.com/alfrescosoftware/>__<https://www.linkedin.com/company/alfresco>__<https://www.youtube.com/c/alfresco>__<https://www.glassdoor.co.uk/Overview/Working-at-Alfresco-Software-EI_IE404506.11,28.htm>_
_
--
Dott. Andrea Patricelli
Tel. +39 3204524292
Engineer @ Tirasa S.r.l.
Viale Vittoria Colonna 97 - 65127 Pescara
Tel +39 0859116307 / FAX +39 0859111173
http://www.tirasa.net
Apache Syncope PMC Member
