Implement the IdentityStoreProvisionerWithFiltering interface to provision and deprovision users, and optionally groups, to an external user store with list/query and filtering support.
If you do not need to support list/query and filtering, you can implement the IdentityStoreProvisioner interface instead.
The following Java packages are needed, at a minimum, for implementing this interface:
- com.pingidentity.sdk.provision
- com.pingidentity.sdk.provision.exception
- com.pingidentity.sdk.provision.users.request
- com.pingidentity.sdk.provision.users.response
- com.pingidentity.sdk.provision.groups.response
- com.pingidentity.sdk.provision.groups.request
Group support is optional (see Check for group provisioning support).
For each Identity Store Provisioner implementation, in addition to the methods described under Shared interfaces, you must implement the following:
- Create user
- Read user
- Read users (not applicable to the IdentityStoreProvisioner interface)
- Update user
- Delete user
- Check for group provisioning support
- Create group
- Read group
- Read groups (not applicable to the IdentityStoreProvisioner interface)
- Update group
- Delete group
Create user
UserResponseContext createUser(CreateUserRequestContext createRequestCtx)
throws IdentityStoreException
PingFederate invokes the createUser() method of your Identity Store Provisioner in response to create-user requests made to PingFederate services, for example inbound provisioning. This method is responsible for creating the user in the user store managed by the Identity Store Provisioner.
The CreateUserRequestContext will contain all information needed to fulfill the request (for example, user attributes). If the user was successfully provisioned, a UserResponseContext should be returned and contain the user attributes used to provision the user. An IdentityStoreException should be thrown if an error occurred during the creation process. See the com.pingidentity.sdk.provision.exception package for the different exceptions that can be thrown.
Read user
UserResponseContext readUser(ReadUserRequestContext readRequestCtx)
throws IdentityStoreException
PingFederate invokes the readUser() method of your Identity Store Provisioner in response to get-user requests made to PingFederate services, for example inbound provisioning. This method is responsible for retrieving user data from the user store managed by the Identity Store Provisioner.
The ReadUserRequestContext will contain all information needed to fulfill the request (for example, a user ID). If the user data was successfully retrieved, a UserResponseContext should be returned and contain the user attributes for the user. An IdentityStoreException should be thrown if an error occurred during the retrieval process. See the com.pingidentity.sdk.provision.exception package for the different exceptions that can be thrown.
Read users
UsersResponseContext readUsers(ReadUsersRequestContext readRequestCtx)
throws IdentityStoreException
PingFederate invokes the readUsers() method of your Identity Store Provisioner in response to list/query requests for user attributes made to PingFederate services, for example inbound provisioning. This method is responsible for retrieving user data from the user store managed by the Identity Store Provisioner.
The readUsers() method is applicable only to the IdentityStoreProvisionerWithFiltering interface; it does not apply to the IdentityStoreProvisioner interface.
The ReadUsersRequestContext will contain all information needed to fulfill the request (for example, a filter). If the user data was successfully retrieved, a UsersResponseContext should be returned and contain the user attributes satisfying the filter. An IdentityStoreException should be thrown if an error occurred during the retrieval process. See the com.pingidentity.sdk.provision.exception package for the different exceptions that can be thrown.
Update user
UserResponseContext updateUser(UpdateUserRequestContext updateRequestCtx)
throws IdentityStoreException
PingFederate invokes the updateUser() method of your Identity Store Provisioner in response to update-user requests made to PingFederate services, for example inbound provisioning. This method is responsible for updating the user in the user store managed by the Identity Store Provisioner.
The UpdateUserRequestContext will contain all information needed to fulfill the request (for example, user attributes). If the user data was successfully updated, a UserResponseContext should be returned containing the user's updated attributes. An IdentityStoreException should be thrown if an error occurred during the update process. See the com.pingidentity.sdk.provision.exception package for the different exceptions that can be thrown.
Delete user
void deleteUser(DeleteUserRequestContext deleteRequestCtx)
throws IdentityStoreException
PingFederate invokes the deleteUser() method of your Identity Store Provisioner in response to delete-user requests made to PingFederate services, such as inbound provisioning. This method is responsible for deprovisioning the user in the user store managed by the Identity Store Provisioner.
The DeleteUserRequestContext will contain all information needed to fulfill the request (for example, a user ID). An IdentityStoreException should be thrown if an error occurred during the deprovision process. See the com.pingidentity.sdk.provision.exception package for the different exceptions that can be thrown.
The plugin implementation for delete MAY choose not to permanently delete the resource, but MUST return a NotFoundException for all readUser(), updateUser(), and deleteUser() operations associated with the previously deleted ID. In addition, the plugin MUST NOT consider the deleted user in conflict calculation. For example, a createUser() request for a user with a previously deleted ID should NOT throw a ConflictException.
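The delete contract above, modelled as an added example (not PingFederate or SDK code): an in-memory store in which a soft-deleted ID is indistinguishable from an unknown one and is ignored in conflict checks. The class SoftDeleteStore, its String/Map method signatures and the nested exception classes are stand-ins assumed for illustration; a real plugin uses the SDK's request/response contexts and exception types.

```java
import java.util.HashMap;
import java.util.Map;

public class SoftDeleteStore {
    // Local stand-ins named after the SDK exceptions; a real plugin throws the SDK types.
    static class NotFoundException extends Exception { NotFoundException(String m) { super(m); } }
    static class ConflictException extends Exception { ConflictException(String m) { super(m); } }

    // Hypothetical record: attributes plus a soft-delete marker (tombstone).
    private static final class Entry {
        Map<String, String> attrs;
        boolean deleted;
        Entry(Map<String, String> a) { attrs = new HashMap<>(a); }
    }
    private final Map<String, Entry> users = new HashMap<>();

    // A soft-deleted ID must look exactly like an unknown one.
    private Entry live(String id) throws NotFoundException {
        Entry e = users.get(id);
        if (e == null || e.deleted) throw new NotFoundException("no such user: " + id);
        return e;
    }
    public synchronized void createUser(String id, Map<String, String> attrs) throws ConflictException {
        Entry e = users.get(id);
        // Conflict calculation ignores soft-deleted entries.
        if (e != null && !e.deleted) throw new ConflictException("user exists: " + id);
        users.put(id, new Entry(attrs)); // replaces any tombstone with fresh attributes
    }
    public synchronized Map<String, String> readUser(String id) throws NotFoundException {
        return new HashMap<>(live(id).attrs);
    }
    public synchronized void updateUser(String id, Map<String, String> attrs) throws NotFoundException {
        live(id).attrs = new HashMap<>(attrs);
    }
    public synchronized void deleteUser(String id) throws NotFoundException {
        live(id).deleted = true; // a repeated delete of the same ID throws NotFoundException
    }

    public static void main(String[] args) throws Exception {
        SoftDeleteStore s = new SoftDeleteStore();
        s.createUser("u1", Map.of("userName", "alice")); // constructed sample data
        s.deleteUser("u1");
        try { s.readUser("u1"); throw new AssertionError("read after delete succeeded"); }
        catch (NotFoundException expected) { /* required by the contract */ }
        s.createUser("u1", Map.of("userName", "alice2")); // must not raise ConflictException
        if (!"alice2".equals(s.readUser("u1").get("userName"))) throw new AssertionError("stale attributes");
    }
}
```

Replacing the tombstone on re-create, rather than reviving it, keeps attributes of the deprovisioned account from leaking into the new one.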
Check for group provisioning support
boolean isGroupProvisioningSupported()
throws IdentityStoreException
Implement the isGroupProvisioningSupported() method to return true if group provisioning is supported by your Identity Store Provisioner or false otherwise. An IdentityStoreException should be thrown if an error occurred during the query process. See the com.pingidentity.sdk.provision.exception package for the different exceptions that can be thrown.
Create group
GroupResponseContext createGroup(CreateGroupRequestContext createRequestCtx)
throws IdentityStoreException
PingFederate invokes the createGroup() method of your Identity Store Provisioner in response to create-group requests made to PingFederate services, for example inbound provisioning. This method is responsible for creating the group in the user store managed by the Identity Store Provisioner if isGroupProvisioningSupported() returns true; otherwise, it should throw NotImplementedException.
The CreateGroupRequestContext will contain all information needed to fulfill the request (for example, group attributes). If the group was successfully provisioned, a GroupResponseContext should be returned and contain the group attributes used to provision the group. An IdentityStoreException should be thrown if an error occurred during the creation process. See the com.pingidentity.sdk.provision.exception package for the different exceptions that can be thrown.
Read group
GroupResponseContext readGroup(ReadGroupRequestContext readRequestCtx)
throws IdentityStoreException
PingFederate invokes the readGroup() method of your Identity Store Provisioner in response to get-group requests made to PingFederate services, for example inbound provisioning. This method is responsible for retrieving group data from the user store managed by the Identity Store Provisioner if isGroupProvisioningSupported() returns true; otherwise, it should throw NotImplementedException.
The ReadGroupRequestContext will contain all information needed to fulfill the request (for example, group ID). If the group data was successfully retrieved, a GroupResponseContext should be returned and contain the group attributes for the group. An IdentityStoreException should be thrown if an error occurred during the retrieval process. See the com.pingidentity.sdk.provision.exception package for the different exceptions that can be thrown.
Read groups
GroupsResponseContext readGroups(ReadGroupsRequestContext readRequestCtx)
throws IdentityStoreException
PingFederate invokes the readGroups() method of your Identity Store Provisioner in response to list/query requests for group attributes made to PingFederate services, for example inbound provisioning. This method is responsible for retrieving group data from the user store managed by the Identity Store Provisioner if isGroupProvisioningSupported() returns true; otherwise, it should throw NotImplementedException.
The readGroups() method is applicable only to the IdentityStoreProvisionerWithFiltering interface; it does not apply to the IdentityStoreProvisioner interface.
The ReadGroupsRequestContext will contain all information needed to fulfill the request (for example, a filter). If the group data was successfully retrieved, a GroupsResponseContext should be returned and contain the group attributes for the groups. An IdentityStoreException should be thrown if an error occurred during the retrieval process. See the com.pingidentity.sdk.provision.exception package for the different exceptions that can be thrown.
Update group
GroupResponseContext updateGroup(UpdateGroupRequestContext updateRequestCtx)
throws IdentityStoreException
PingFederate invokes the updateGroup() method of your Identity Store Provisioner in response to update-group requests made to PingFederate services, for example inbound provisioning. This method is responsible for updating the group in the user store managed by the Identity Store Provisioner if isGroupProvisioningSupported() returns true; otherwise, it should throw NotImplementedException.
The UpdateGroupRequestContext will contain all information needed to fulfill the request (for example, group attributes). If the group data was successfully updated, a GroupResponseContext should be returned containing the group's updated attributes. An IdentityStoreException should be thrown if an error occurred during the update process. See the com.pingidentity.sdk.provision.exception package for the different exceptions that can be thrown.
Delete group
void deleteGroup(DeleteGroupRequestContext deleteRequestCtx)
throws IdentityStoreException
PingFederate invokes the deleteGroup() method of your Identity Store Provisioner in response to delete-group requests made to PingFederate services, such as inbound provisioning. This method is responsible for deprovisioning the group in the user store managed by the Identity Store Provisioner if isGroupProvisioningSupported() returns true; otherwise, it should throw NotImplementedException.
The DeleteGroupRequestContext will contain all information needed to fulfill the request (for example, a group ID). An IdentityStoreException should be thrown if an error occurred during the deprovision process. See the com.pingidentity.sdk.provision.exception package for the different exceptions that can be thrown.