The IdentityStoreUserProvisioner
interface is deprecated, but you can
still implement it to provision and deprovision users to an external user store.
The IdentityStoreUserProvisioner
interface is deprecated. Developers can
implement it to provision and deprovision users, but they should implement either the
IdentityStoreProvisionerWithFiltering
or
IdentityStoreProvisioner
interface.
IdentityStoreUserProvisioner
interface does not provision or
deprovision groups. For group support, see IdentityStoreProvisionerWithFiltering interface implementation.The following Java packages are required for implementing the interface:
-
com.pingidentity.sdk.provision
-
com.pingidentity.sdk.provision.exception
-
com.pingidentity.sdk.provision.users.request
-
com.pingidentity.sdk.provision.users.response
For each identity store provisioner implementation, in addition to the methods described under Shared plugin interfaces, you must implement the following methods:
- Create user
- Read user
- Update user
- Delete user
Create user
UserResponseContext createUser(CreateUserRequestContext createRequestCtx)
throws IdentityStoreException
PingFederate invokes the createUser()
method of your
identity store provisioner in response to create-user requests made to PingFederate services, such as inbound provisioning. This method creates the
user in the user store managed by the identity store provisioner.
The CreateUserRequestContext
contains all information needed to fulfill
the request. If the user is successfully provisioned, the method returns a
UserResponseContext
containing the user attributes used to provision
the user. The method throws an IdentityStoreException
if an error
occurred during the creation process. See the
com.pingidentity.sdk.provision.exception
package for exceptions that
can be thrown.
Read user
UserResponseContext readUser(ReadUserRequestContext readRequestCtx)
throws IdentityStoreException
PingFederate invokes the readUser()
method of your
identity store provisioner in response to get-user requests made to PingFederate services, such as inbound provisioning. This method retrieves user
data from the user store managed by the identity store provisioner.
The ReadUserRequestContext
contains all information needed to fulfill
the request. If the user data is successfully retrieved, the method returns a
UserResponseContext
containing the user attributes for the user. The
method throws an IdentityStoreException
if an error occurred during the
retrieval process. See the com.pingidentity.sdk.provision.exception
package for exceptions that can be thrown.
Update user
UserResponseContext updateUser(UpdateUserRequestContext updateRequestCtx)
throws IdentityStoreException
PingFederate invokes the updateUser()
method of your
identity store provisioner in response to update-user requests made to PingFederate services, such as inbound provisioning. This method updates the
user in the user store managed by the identity store provisioner.
The UpdateUserRequestContext
contains all information needed to fulfill
the request. If the user data is successfully updated, the method returns a
UserResponseContext
containing the user's updated attributes. The
method throws an IdentityStoreException
if an error occurred during the
update process. See the com.pingidentity.sdk.provision.exception
package for exceptions that can be thrown.
Delete user
void deleteUser(DeleteUserRequestContext deleteRequestCtx)
throws IdentityStoreException
PingFederate invokes the deleteUser()
method of your
identity store provisioner in response to delete-user requests made to PingFederate services, such as inbound provisioning. This method deprovisions
the user in the user store managed by the identity store provisioner.
The DeleteUserRequestContext
contains all information needed to fulfill
the request. The method throws an IdentityStoreException
if an error
occurred during the deprovision process. See the
com.pingidentity.sdk.provision.exception
package for exceptions that
can be thrown.
The plugin implementation can choose not to permanently delete the resource, but must
return a NotFoundException
for all readUser()
,
updateUser()
, and deleteUser()
operations
associated with the previously deleted ID. In addition, the plugin must not consider
the deleted user in conflict calculation. For example, a
createUser()
request for a user with a previously deleted ID
should not throw a ConflictException
.