The IdentityStoreUserProvisioner interface is deprecated. Developers can implement it to provision and deprovision users, but they should implement either the IdentityStoreProvisionerWithFiltering or IdentityStoreProvisioner interface.

Note: The IdentityStoreUserProvisioner interface does not provision or deprovision groups. For group support, see IdentityStoreProvisionerWithFiltering interface implementation.

The following Java packages are required for implementing the interface:

  • com.pingidentity.sdk.provision
  • com.pingidentity.sdk.provision.exception
  • com.pingidentity.sdk.provision.users.request
  • com.pingidentity.sdk.provision.users.response

For each identity store provisioner implementation, in addition to the methods described under Shared plugin interfaces, you must implement the following methods:

  • Create user
  • Read user
  • Update user
  • Delete user

Create user

UserResponseContext createUser(CreateUserRequestContext createRequestCtx) 
throws IdentityStoreException

PingFederate invokes the createUser() method of your identity store provisioner in response to create-user requests made to PingFederate services, such as inbound provisioning. This method creates the user in the user store managed by the identity store provisioner.

The CreateUserRequestContext contains all information needed to fulfill the request. If the user is successfully provisioned, the method returns a UserResponseContext containing the user attributes used to provision the user. The method throws an IdentityStoreException if an error occurred during the creation process. See the com.pingidentity.sdk.provision.exception package for exceptions that can be thrown.

Read user

UserResponseContext readUser(ReadUserRequestContext readRequestCtx)  
throws IdentityStoreException

PingFederate invokes the readUser() method of your identity store provisioner in response to get-user requests made to PingFederate services, such as inbound provisioning. This method retrieves user data from the user store managed by the identity store provisioner.

The ReadUserRequestContext contains all information needed to fulfill the request. If the user data is successfully retrieved, the method returns a UserResponseContext containing the user attributes for the user. The method throws an IdentityStoreException if an error occurred during the retrieval process. See the com.pingidentity.sdk.provision.exception package for exceptions that can be thrown.

Update user

UserResponseContext updateUser(UpdateUserRequestContext updateRequestCtx)
throws IdentityStoreException

PingFederate invokes the updateUser() method of your identity store provisioner in response to update-user requests made to PingFederate services, such as inbound provisioning. This method updates the user in the user store managed by the identity store provisioner.

The UpdateUserRequestContext contains all information needed to fulfill the request. If the user data is successfully updated, the method returns a UserResponseContext containing the user's updated attributes. The method throws an IdentityStoreException if an error occurred during the update process. See the com.pingidentity.sdk.provision.exception package for exceptions that can be thrown.

Delete user

void deleteUser(DeleteUserRequestContext deleteRequestCtx)
throws IdentityStoreException

PingFederate invokes the deleteUser() method of your identity store provisioner in response to delete-user requests made to PingFederate services, such as inbound provisioning. This method deprovisions the user in the user store managed by the identity store provisioner.

The DeleteUserRequestContext contains all information needed to fulfill the request. The method throws an IdentityStoreException if an error occurred during the deprovision process. See the com.pingidentity.sdk.provision.exception package for exceptions that can be thrown.

Note:

The plugin implementation can choose not to permanently delete the resource, but must return a NotFoundException for all readUser(), updateUser(), and deleteUser() operations associated with the previously deleted ID. In addition, the plugin must not consider the deleted user in conflict calculation. For example, a createUser() request for a user with a previously deleted ID should not throw a ConflictException.