Configuring the Publisher

The IdentityIQ Publisher framework allows users to integrate (outbound only) with any messaging or data storage solution, giving them the freedom to choose their preferred destination for extracted data publishing. This could include using different queue services or other systems like databases, APIs, filesystems, or custom target systems.

Publishers are currently supported in IdentityIQ when referenced by a Data Extract task. When used from a Data Extract task, the publishers are the destination of the task’s extracted objects.

Publisher IdentityIQ Console Extension

The IdentityIQ console supports the new publishers command, which has commands for listing and testing configured IdentityIQ publishers:

Copy

           publishers publish   
             publishes a message Options:
              --publisherName  <publisher_name>
                 the name of PublishersConfiguration entry. 
                  Required.
              --message 
                  <message>
                 message to publish. 
                  Required.
            publishers list
             lists all configured publishers
            publishers help
             displays usage information

Publisher Registration

Publisher objects are declared in the PublishersConfiguration Configuration object. You can edit the PublishersConfiguration Configuration object using the Debug/Objects page.

Each entry in the Configuration object represents a publisher available to IdentityIQ. The entry declares the information for IdentityIQ to represent and configure a publisher.

Required Configuration

The publisher configuration entry must at a minimum declare the following:

className – The classname declares the path of the Java class which is to be created when calling the publisher.

Additional configuration parameters will vary from publisher to publisher.

Reference Publisher

IdentityIQ includes reference implementations of the following two publisher types:

Logging Publisher
JMS Publisher

The reference publisher can be loaded by importing examplePublishers.xml.

Logging Publisher

The logging publisher, LogPublisher, is provided as a troubleshooting publisher.

This publisher logs any message it receives. The messages will be logged with the specified log level.

Configuration

Copy

   <entry key="LogPublisher">
    <value>
     <Map>
      <entry key="className" value="sailpoint.integration.publishers.LogPublisher" />
      <entry key="level" value="warn" />
     </Map>
    </value>
   </entry>

Key	Change value to
Level	Required logging level. Allowed values include: trace, debug, info, warn, error, and fatal.
loggerName	Optional name of the logger to use from log4j2.properties. Default is sailpoint.integration.publishers.LogPublisher

Key

Change value to

Level

Required logging level.

Allowed values include: trace, debug, info, warn, error, and fatal.

loggerName

Optional name of the logger to use from log4j2.properties. Default is sailpoint.integration.publishers.LogPublisher

JMS (Java Messaging Service) Publisher

The two example publishers available to write to JMS are:

QueueActiveMqJmsPublisher
TopicActiveMqJmsPublisher

Both ActiveMQ publishers use the generic JMS publisher implementation class sailpoint.integration.publishers.JMSPublisher.

The JMSPublisher publisher class is designed to write its message to JMS as its target. It is compatible with JMS-compliant messaging systems without requiring any additional development. The JMS Publisher implementation has been tested on Apache ActiveMQ based on JMS 1.1, though any JMS 1.1 provider should be compatible.

Key	Change value to
JNDI	The JNDI map is used to hold the standard JDNI properties needed to configure a specific JMS provider. Each JMS provider will require its own JNDI configuration which will be described in their official documentation.
Username	Optional. Used if needing to authorize connection to a JMS system.
Password	Optional. If present, the value must be encrypted using IdentityIQ.

ǪueueActiveMqJmsPublisher

The QueueActiveMqJmsPublisher is a pre-defined configuration of the JMSPublisher which serves as an example of configuring for ActiveMQ queue publishing.

Copy

   <entry key="ǪueueActiveMqJmsPublisher">
    <value>
     <Map>
      <entry key="JNDI">
       <value>
        <Map>
         <entry key="connectionFactoryNames" value="ConnectionFactory" />
         <entry key="java.naming.factory.initial" value="org.apache.activemq.jndi.ActiveMǪInitialContextFactory" />
         <entry key="java.naming.provider.url" value="failover:(tcp://localhost:c1000,tcp://localhost:c1001)?maxReconnectAttempts=10&startupMaxReconnectAttempts=10" />
         <entry key="queue.exampleǪueue" value="iiqTestǪueue" />
        </Map>
       </value>
      </entry>
        <entry key="className" value="sailpoint.integration.publishers.JMSPublisher" />
        <entry key="username" value="admin" />
        <entry key="password" value="IIǪ_ENCRYPTED_PASSWORD" />
     </Map>
    </value>
   </entry>

Key	Change value to
JNDI	See ActiveMQ (add hyperlink) for additional ActiveMQ JNDI details.
queue.exampleQueue Note: The key only needs to be the pattern queue.	This is the name of the queue to write. This queue should already exist.
Username	Enter the username of an ActiveMQ user that has write access to the queue above.
Password	Enter the password of the above username. The password can be clear text but should be encrypted. If encrypted, the encrypted text should be generated using the IdentityIQ console encrypt command.

The client jars for ActiveMQ must be added to the classpath of your IdentityIQ web application. ActiveMQ classic client jars include:

activemq-client- <amq_version>.jar
hawtbuf- <hawtbuf_version>.jar
geronimo-j2ee-management_1.1_spec-1.0.1.jar

TopicActiveMqJmsPublisher

The TopicActiveMqJmsPublisher is a pre-defined configuration of the JMSPublisher which serves as an example of configuring for ActiveMQ topic publishing.

Copy

   <entry key="TopicActiveMqJmsPublisher">               
    <value>
     <Map>
      <entry key="JNDI">
       <value>
        <Map>
          <entry key="connectionFactoryNames" value="ConnectionFactory" />
          <entry key="java.naming.factory.initial" value="org.apache.activemq.jndi.ActiveMǪInitialContextFactory" />
          <entry key="java.naming.provider.url" value="failover:(tcp://localhost:c1000,tcp://localhost:c1001)?maxReconnectAttempts=10&startupMaxReconnectAttempts=10" />
          <entry key="topic.exampleTopic" value="iiqTestTopic" />
        </Map>
       </value>
      </entry>
        <entry key="className" value="sailpoint.integration.publishers.JMSPublisher" />
        <entry key="username" value="admin" />
        <entry key="password" value="IIǪ_ENCRYPTED_PASSWORD" />
    </Map>
   </value>
  </entry>

Key	Change value to
JNDI	See ActiveMQ (add hyperlink) for additional ActiveMQ JNDI details.
topic.exampleTopic Note: The key only needs to be the pattern topic.	This is the name of the topic to write. This topic should already exist.
Username	Enter the username of an ActiveMQ user that has write access to the topic above.
Password	Enter the password of the above username. The password can be clear text but should be encrypted. If encrypted, the encrypted text should be generated using the IdentityIQ console encrypt command.

Custom Publishers

Currently, only JMS and logging are supported for publishing with reference publishers. Some customers may have a need to publish their extracted objects elsewhere.

For example:

Writing to REST APIs
Filesystem
Database
Writing to 3rd-party message queue platforms such as Apache Kafka or others do not use JMS APIs.

Customers and partners can develop their own Publisher implementation for these services. The implementation classes and supporting jars can be added to IdentityIQ as another plugin or by adding directly into the IdentityIQ class path.

Implementing a custom publisher

Each publisher implementation must implement the sailpoint.api.Publisher interface, listed below.

Copy

    Package sailpoint.api;

   import java.util.List import java.util.Map;
   import sailpoint.integration.publishers.PublisherConfiguration;
   /**
   * This is a base class for Publisher implementations.
   * Publisher implementation can publish to anything: Ǫueue Services (ActiveMǪ, IBM MǪ, RabbitMǪ, etc.), Database, etc.
   * To IIǪ it's an abstraction that can be used when data needs to be published to an external system.
   */
   public abstract class Publisher implements AutoCloseable {
   /**
   * Publishers are constructed dynamically and must be ensured to have empty constructor
   */
   public Publisher() {
   }

   /**
   * Initializes Publisher
   *
   * @param config configuration this Publisher needs to run with. This is wrapped HashMap with some useful methods
   * @param context SailPointContext
   * @throws Exception if initialization fails
   */
   public abstract void initialize(PublisherConfiguration config, SailPointContext context) throws Exception;
   /**
   * Publishes a message
   *
   * @param message string that needs to be published
   * @param context SailPointContext
   * @throws Exception if publishing fails
   */
   public abstract void publish(String message, SailPointContext context) throws Exception;
   /**
   * Return the list of tags that can be used to find this Publisher among others (for example, based on purpose)
   *
   * @return list of strings (tags)
   */
   public abstract List [String] getTags();
    }

An entry must then be added to PublishersConfiguration Configuration object to register a configured instance of their custom Publisher.