Deploying the module
This section describes how to deploy our custom module into TFIM 6.2.
First copy the custom module jar file com.tivoli.am.fim.demo.map_1.0.0.jar to the <TFIM_install_root>/plugins directory. The remaining high-level steps involved in the deployment are as follows:
- Publish the plug-ins through the TFIM Console
- Re-Load the TFIM runtime*
- Create an instance of our custom module
- Configure a trust chain that uses the new plug-in
The remainder of this section describes these steps in more detail.
*NOTE: In previous versions of TFIM, the TFIM Runtime had to be re-deployed in order to detect and load changes to the <TFIM_Home>/plugins directory.
TFIM 6.2 provides the 'Publish Plug-ins' capability which copies jar files from the <TFIM_Home>/plugins directory on the server hosting the TFIM Management Application to the <WebSphereProfileRoot>/config/itfim/plugins directory of all TFIM Runtime nodes in that TFIM domain.
The 'Publish Plug-ins' operation does not reload the TFIM Runtime, but it does reload the TFIM Management application. The console will indicate when updated plug-in data is detected in the plug-ins directory with a message prompting a re-load.
The TFIM runtime must be explicitly reloaded before the new plug-in(s) can be used. The prompt can generally be ignored until all the necessary configuration required for the new plug-in is complete.
Log in to the TFIM console: https://<ip_address>:9043/ibm/console/. The TFIM Console shown in Figure 34 will be displayed.
Figure 34. The WebSphere / TFIM Console
Expand the Tivoli® Federated Identity Manager options and select Domain Management -> Runtime Node Management. Figure 35 shows the Runtime Management panel.
Figure 35. Publishing Plug-ins with the Runtime Node Management Panel
Click on the Publish plug-ins button.
Once the Publish plug-ins operation completes, a warning message will be displayed in the TFIM Console prompting you to load the recent configuration changes, as shown in Figure 36.
Figure 36. Load Configuration Changes
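Because Publish plug-ins copies jar files into the plugins directory of every runtime node, it is worth confirming that each node received exactly the jars that were staged before loading the changes into the runtime. The following shell function is an added example, not part of the original tutorial or of TFIM. It assumes a POSIX shell with sha256sum and that both directories are readable from the host where it runs; the function names are hypothetical.

```sh
#!/bin/sh
# Added example: compare the plug-in jars staged on the management host with
# the copy in a runtime node's plugins directory, by SHA-256 digest.

jar_hash() {
    # Print only the SHA-256 digest of one file.
    sha256sum "$1" | cut -d' ' -f1
}

verify_published() {
    src=$1   # staged jars, e.g. <TFIM_Home>/plugins
    dst=$2   # node copy, e.g. <WebSphereProfileRoot>/config/itfim/plugins
    rc=0

    # Every staged jar must exist, byte for byte, on the runtime node.
    for jar in "$src"/*.jar; do
        [ -e "$jar" ] || continue
        name=$(basename "$jar")
        if [ ! -f "$dst/$name" ]; then
            echo "MISSING    $name"; rc=1
        elif [ "$(jar_hash "$jar")" != "$(jar_hash "$dst/$name")" ]; then
            echo "MISMATCH   $name"; rc=1
        else
            echo "OK         $name"
        fi
    done

    # Assumption: the node directory should mirror the staged directory, so a
    # jar that was never staged is reported for review.
    for jar in "$dst"/*.jar; do
        [ -e "$jar" ] || continue
        name=$(basename "$jar")
        [ -f "$src/$name" ] || { echo "UNEXPECTED $name"; rc=1; }
    done
    return $rc
}
```

Call it as verify_published followed by the two directories; a non-zero exit status means at least one jar is missing, differs, or was never staged.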
Click on the Load configuration changes to Tivoli Federated Identity Manager runtime button and wait for the process to complete.
Create an instance of the module in the TFIM Console. Navigate to the Configure Trust Service -> Module Instances section of the Management Console. Click on the Create button. A Module Type screen as shown in Figure 37 will appear. The DemoMap class that defines our custom module should be included in the list of available modules. Note that it may appear on the second page.
Figure 37. Module Types
Select the DemoMap module, then click Next as shown in Figure 38.
Figure 38. Selecting the DemoMap Module Type
Enter a name and description for the new instance being created as illustrated in Figure 39.
Figure 39. Naming the new Module Instance
Click Finish and then re-load the configuration changes to TFIM runtime as prompted.
We can now create new Trust Service Chains that include the 'demoMapInstance' of our custom module.
Navigate to the Configure Trust Service -> Trust Service Chains section of the Management Console. A Trust Service Chains panel as shown in Figure 40 will be displayed.
Figure 40. Trust Chain Management
Click on the Create button and the Trust Service Chain Mapping Wizard will begin. Figure 41 shows the Introduction screen for this wizard.
Figure 41. Trust Chain Wizard
Click Next to proceed to the Chain Mapping Identification screen, as shown in Figure 42. Enter the following values for our basic trust chain and then click Next:
- Chain Mapping Name: DemoChain
- Description: Test DemoMap module instance
Figure 42. Chain Mapping Identification
The next screen allows you to configure the Chain Mapping Lookup properties. The RequestType for our chain should be set to Validate and addresses for AppliesTo and Issuer need to be entered as shown in Figure 43.
Figure 43. Chain Mapping Lookup Parameters
Click Next and the Chain Identification details can be entered:
- Chain Name: DemoChain
- Description: Demo chain including custom mapping module
Figure 44. Chain Identification
Click Next. We can now specify the Chain Assembly. For simplicity in this tutorial we have decided to include the custom mapping module in a basic trust chain consisting of a Default STSUU Instance in 'validate' mode, followed by the custom module in 'map' mode to add an extra attribute and finally another Default STSUU Instance to 'issue' the token.
Add these selected module instances to the chain so that the created chain assembly appears as illustrated in Figure 45.
Figure 45. Chain Assembly
Click Next to continue. The next screen in the Wizard, as shown in Figure 46, is the configuration screen for the first module in the chain. This module is the Default STSUU instance in validation mode. There is no configuration required for this module.
Figure 46. STSUU Validate Properties
Click Next and the configuration screen of our custom module will be displayed as shown in Figure 47. Enter the name and value for the attribute that should be added to the STSUU object. For this tutorial we will add a test attribute with name 'testName' and value 'testValue'.
Figure 47. DemoMap Configuration Properties
Click Next. The next screen in the Wizard is the configuration screen for the last module in the chain, as shown in Figure 48. This module configuration is also for the Default STSUU instance (this time in issue mode). Once again, there is no configuration required.
Figure 48. STSUU Issue Properties
Click Next and a summary of the new trust chain is displayed as shown in Figure 49.
Figure 49. Chain Summary
Click Finish to complete the wizard. Click on the button to load the latest configuration changes into the TFIM runtime.
Figure 50. Created Chain
Figure 50 above shows the new chain which appears in the TFIM console.