The IdentityStoreUserProvisioner
interface has been deprecated since
PingFederate 7.3. Developers are encouraged to implement either the
IdentityStoreProvisionerWithFiltering
or
IdentityStoreProvisioner
interface.
Implement the IdentityStoreUserProvisioner
interface to provision and
deprovision users to an external user store.
IdentityStoreUserProvisioner
interface does not provision or
deprovision groups. For group support, see Implementing the IdentityStoreProvisionerWithFiltering interface.The following Java packages are needed, at a minimum, for implementing this interface:
-
com.pingidentity.sdk.provision
-
com.pingidentity.sdk.provision.exception
-
com.pingidentity.sdk.provision.users.request
-
com.pingidentity.sdk.provision.users.response
For each Identity Store Provisioner implementation, in addition to the methods described under Shared interfaces, you must implement the following:
- Create user
- Read user
- Update user
- Delete user
Create user
UserResponseContext createUser(CreateUserRequestContext createRequestCtx)
throws IdentityStoreException
PingFederate invokes the createUser()
method of your Identity Store
Provisioner in response to create-user requests made to PingFederate services, for example
inbound provisioning. This method is responsible for creating the user in the user store managed
by the Identity Store Provisioner.
The CreateUserRequestContext
will contain all information needed to fulfill
the request (for example, user attributes). If the user was successfully provisioned, a
UserResponseContext
should be returned and contain the user attributes used to
provision the user. An IdentityStoreException
should be thrown if an error
occurred during the creation process. See
com.pingidentity.sdk.provision.exception
package for different exceptions that
can be thrown.
Read user
UserResponseContext readUser(ReadUserRequestContext readRequestCtx)
throws IdentityStoreException
PingFederate invokes the readUser()
method of your Identity Store Provisioner
in response to get-user requests made to PingFederate services, for example Inbound
Provisioning. This method is responsible for retrieving user data from the user store managed by
the Identity Store Provisioner.
The ReadUserRequestContext
will contain all information needed to fulfill the
request (for example, a user ID). If the user data was successfully retrieved, a
UserResponseContext
should be returned and contain the user attributes for the
user. An IdentityStoreException
should be thrown if an error occurred during
the retrieval process. See com.pingidentity.sdk.provision.exception
package for
different exceptions that can be thrown.
Update user
UserResponseContext updateUser(UpdateUserRequestContext updateRequestCtx)
throws IdentityStoreException
PingFederate invokes the updateUser()
method of your Identity Store
Provisioner in response to update-user requests made to PingFederate services, for example
inbound provisioning. This method is responsible for updating the user in the user store managed
by the Identity Store Provisioner.
The UpdateUserRequestContext
will contain all information needed to fulfill
the request (for example, user attributes). If the user data was successfully updated, a
UserResponseContext
should be returned containing the user's updated
attributes. An IdentityStoreException
should be thrown if an error occurred
during the update process. See com.pingidentity.sdk.provision.exception
package
for different exceptions that can be thrown.
Delete user
void deleteUser(DeleteUserRequestContext deleteRequestCtx)
throws IdentityStoreException
PingFederate invokes the deleteUser()
method of your Identity Store
Provisioner in response to delete-user requests made to PingFederate services, such as Inbound
Provisioning. This method is responsible for deprovisioning the user in the user store managed
by the Identity Store Provisioner.
The DeleteUserRequestContext
will contain all information needed to fulfill
the request (for example, a user ID). An IdentityStoreException
should be
thrown if an error occurred during the deprovision process. See
com.pingidentity.sdk.provision.exception
package for different exceptions that
can be thrown.
The plugin implementation for delete MAY choose not to permanently delete the
resource, but MUST return a NotFoundException
for all
readUser()
, updateUser()
, and
deleteUser()
operations associated with the previously deleted
Id. In addition, the plugin MUST not consider the deleted user in conflict
calculation. For example, a createUser()
request for a user with a
previously deleted ID should NOT throw a ConflictException
.