Distributed topology enabler for identity manager
First Claim
1. A method, comprising:
in response to receiving a request to login, authenticating a user against a repository;
discovering Identity Manager (IM) nodes in an IM topology that the user is provisioned on by looking up object stubs;
creating a credentials cache to store credentials for the user for the IM nodes that the user is provisioned on;
retrieving node aware account object stubs for the user;
determining whether a first query to retrieve data and a second query to process data have been received;
in response to determining that the first query and the second query have been received, for each of the first query and the second query, generating sub-queries;
identifying IM nodes that are to perform the sub-queries in parallel and that are selected based on a list of services supported by each of the IM nodes;
issuing the sub-queries to the IM nodes using the credentials in the credentials cache; and
receiving results of the sub-queries from each of the IM nodes;
combining the results of each of the sub-queries for the first query and the second query; and
returning node aware account data combined with the combined results with retrieved data for the first query and processed data for the second query; and
in response to determining that the first query and the second query have not been received, returning the node aware account data.
Abstract
Provided are techniques for combining existing identity management information from multiple Identity Manager (IM) nodes. The combined information from the multiple IM nodes is presented. A provisioning request to change the identity management information is received. The provisioning request is decomposed to form multiple, separate sub-requests. One or more IM nodes are identified to process the sub-requests. The sub-requests are issued to the one or more IM nodes in parallel. A status of each of the sub-requests is received from each of the one or more IM nodes that is processing that sub-request. The received statuses are combined. The combined statuses are returned as a status of the provisioning request.
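The decompose, dispatch-in-parallel and combine-statuses flow from the abstract, together with the per-node credentials cache from the claims, as an added example that is not code from the patent or from any product. The node names, services, tokens and the `fake_transport` stub are constructed assumptions; a sub-request is only routed to a node that both supports the service and has an entry in the user's credentials cache.

```python
from concurrent.futures import ThreadPoolExecutor

# Constructed topology: node name -> services it supports (hypothetical names).
TOPOLOGY = {"im-east": {"ldap", "mail"}, "im-west": {"erp"}, "im-lab": {"badge"}}

def decompose(request):
    """Split one provisioning request into one sub-request per target service."""
    return [{"user": request["user"], "service": s, "change": c}
            for s, c in request["changes"].items()]

def pick_node(sub, topology, cred_cache):
    """Choose a node that supports the service AND has a cached credential."""
    for node, services in sorted(topology.items()):
        if sub["service"] in services and node in cred_cache:
            return node
    return None

def run_sub_request(sub, topology, cred_cache, transport):
    node = pick_node(sub, topology, cred_cache)
    if node is None:
        # Fail closed: never send to a node the user holds no credential for.
        return {"service": sub["service"], "node": None, "status": "unroutable"}
    try:
        # Only this node's own credential is handed to this node.
        status = transport(node, cred_cache[node], sub)
    except Exception as exc:
        status = f"error: {exc}"
    return {"service": sub["service"], "node": node, "status": status}

def provision(request, topology, cred_cache, transport):
    """Fan sub-requests out in parallel and fold their statuses into one."""
    subs = decompose(request)
    with ThreadPoolExecutor(max_workers=max(1, len(subs))) as pool:
        results = list(pool.map(
            lambda s: run_sub_request(s, topology, cred_cache, transport), subs))
    ok = sum(r["status"] == "success" for r in results)
    overall = "success" if ok == len(results) else "partial" if ok else "failed"
    return {"status": overall, "sub_requests": results}

def fake_transport(node, credential, sub):
    """Constructed stand-in for the remote node call; im-west is 'down'."""
    if node == "im-west":
        raise ConnectionError("node unreachable")
    return "success"

if __name__ == "__main__":
    cache = {"im-east": "token-east", "im-west": "token-west"}  # constructed
    req = {"user": "alice", "changes": {"ldap": "add", "erp": "disable", "badge": "revoke"}}
    print(provision(req, TOPOLOGY, cache, fake_transport))
```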
12 Claims
1. A method, comprising:
in response to receiving a request to login, authenticating a user against a repository;
discovering Identity Manager (IM) nodes in an IM topology that the user is provisioned on by looking up object stubs;
creating a credentials cache to store credentials for the user for the IM nodes that the user is provisioned on;
retrieving node aware account object stubs for the user;
determining whether a first query to retrieve data and a second query to process data have been received;
in response to determining that the first query and the second query have been received, for each of the first query and the second query, generating sub-queries;
identifying IM nodes that are to perform the sub-queries in parallel and that are selected based on a list of services supported by each of the IM nodes;
issuing the sub-queries to the IM nodes using the credentials in the credentials cache; and
receiving results of the sub-queries from each of the IM nodes;
combining the results of each of the sub-queries for the first query and the second query; and
returning node aware account data combined with the combined results with retrieved data for the first query and processed data for the second query; and
in response to determining that the first query and the second query have not been received, returning the node aware account data.
Dependent claims: 2, 3, 4
5. A computer program product for identity information management, the computer program product comprising:
a non-transitory computer readable storage medium having computer readable program code embodied therewith, wherein the computer readable program code, when executed by a processor of a computer, configured to perform:
in response to receiving a request to login, authenticating a user against a repository;
discovering Identity Manager (IM) nodes in an IM topology that the user is provisioned on by looking up object stubs;
creating a credentials cache to store credentials for the user for the IM nodes that the user is provisioned on;
retrieving node aware account object stubs for the user;
determining whether a first query to retrieve data and a second query to process data have been received;
in response to determining that the first query and the second query have been received, for each of the first query and the second query, generating sub-queries;
identifying IM nodes that are to perform the sub-queries in parallel and that are selected based on a list of services supported by each of the IM nodes;
issuing the sub-queries to the IM nodes using the credentials in the credentials cache; and
receiving results of the sub-queries from each of the IM nodes;
combining the results of each of the sub-queries for the first query and the second query; and
returning node aware account data combined with the combined results with retrieved data for the first query and processed data for the second query; and
in response to determining that the first query and the second query have not been received, returning the node aware account data.
Dependent claims: 6, 7, 8
9. A system, comprising:
a processor; and
non-transitory storage coupled to the processor, wherein the non-transitory storage stores a computer program, and wherein the processor is configured to execute the computer program to perform operations, the operations comprising:
in response to receiving a request to login, authenticating a user against a repository;
discovering Identity Manager (IM) nodes in an IM topology that the user is provisioned on by looking up object stubs;
creating a credentials cache to store credentials for the user for the IM nodes that the user is provisioned on;
retrieving node aware account object stubs for the user;
determining whether a first query to retrieve data and a second query to process data have been received;
in response to determining that the first query and the second query have been received, for each of the first query and the second query, generating sub-queries;
identifying IM nodes that are to perform the sub-queries in parallel and that are selected based on a list of services supported by each of the IM nodes;
issuing the sub-queries to the IM nodes using the credentials in the credentials cache; and
receiving results of the sub-queries from each of the IM nodes;
combining the results of each of the sub-queries for the first query and the second query; and
returning node aware account data combined with the combined results with retrieved data for the first query and processed data for the second query; and
in response to determining that the first query and the second query have not been received, returning the node aware account data.
Dependent claims: 10, 11, 12
Specification