Server API

You can use a set of programming calls provided by IBM® Security Directory Integrator Server API to develop solutions and interact with the IBM Security Directory Integrator Server locally and remotely.

It also includes a management layer that exposes the Server API calls through the Java™ Management Extensions (JMX) interface.

The Server API includes calls that allow you to:

All calls can be invoked locally from the IBM Security Directory Integrator Server JVM, and remotely from another JVM (on the local or a remote network machine), through RMI:

Local access
This type of access includes scripting in AssemblyLine hooks and also using the API from new components (Connectors, Function Components) implemented in Java and deployed on the Server.
Remote access
This type of access enables the implementation of solutions that connect remotely to IBM Security Directory Integrator and manage processes within it, build business logic on top of it, or both. Such a solution could be an application dedicated solely to IBM Security Directory Integrator or an application that uses IBM Security Directory Integrator to accomplish some of its goals.

A management layer of the Server API exposes the Server API calls through JMX. This provides for Server manageability and enables you to plug IBM Security Directory Integrator into a managing infrastructure that speaks JMX. The JMX interface is accessible:

  • Locally, as defined in the JMX 1.2 specification
  • Remotely, through RMI as defined by the JMX Remote API 1.0 specification

The notifications issued by the Server API internal engine are also available as JMX notifications.

Remote access to the Server API (including the JMX Remote API) is secured by using SSL with client and server authentication.

The different methods that can be used to access the IBM Security Directory Integrator Server API are depicted in the following diagram:
[Diagram showing the different methods that can be used to access the Server API.]

Sample use case

In this sample scenario, a client (a stand-alone Java application, for example) needs to start an AssemblyLine on IBM Security Directory Integrator Server. The client could use the Server API and access it remotely through the RMI interface, using the Server API RMI client library.

In accordance with the security model described in Security, the client will first create a session to the remote IBM Security Directory Integrator Server using its own certificate or custom authentication. The Server will successfully authenticate the client if it has the client certificate in its truststore or if custom authentication succeeds. If the authentication is successful, the client will be provided with an object that represents an entry point for calling Server API methods. Using that object, the client will invoke the call for starting an AssemblyLine, passing parameters that specify which AssemblyLine needs to be started.

Before actually executing the method, the Server API will check whether the client is authorized to execute that method. The identity of the client is determined through the client certificate used to establish the SSL channel or through the credentials provided for the custom authentication. If the client is allowed to start this AssemblyLine, the method will be executed and the AssemblyLine will be started; otherwise, the method will not be executed and an error (exception) will be sent back to the client indicating that it is not authorized to perform this operation.
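
A minimal client for the scenario above, as an added example (not code from the original page or from IBM). The class and method names from the `com.ibm.di.api.remote` package are given as recalled from the product Javadoc and should be checked against your version; the host, port, file paths, environment variable names, configuration file and AssemblyLine name are placeholders, and the example assumes the client JVM takes its key material from the standard JSSE system properties.

```java
import java.rmi.Naming;

// Assumed names from the Server API RMI client library; verify against the Javadoc.
import com.ibm.di.api.remote.ConfigInstance;
import com.ibm.di.api.remote.Session;
import com.ibm.di.api.remote.SessionFactory;

public class StartAssemblyLineClient {

    public static void main(String[] args) throws Exception {
        // Client identity for SSL client authentication. The Server must hold this
        // certificate in its truststore. Paths are placeholders.
        System.setProperty("javax.net.ssl.keyStore", "/path/to/client-keystore.jks");
        System.setProperty("javax.net.ssl.keyStorePassword", requireEnv("CLIENT_KEYSTORE_PASS"));
        // Certificates the client accepts from the Server (server authentication).
        System.setProperty("javax.net.ssl.trustStore", "/path/to/client-truststore.jks");
        System.setProperty("javax.net.ssl.trustStorePassword", requireEnv("CLIENT_TRUSTSTORE_PASS"));

        // Step 1: create a session. A failed SSL handshake (unknown client or server
        // certificate) surfaces here as an exception and no session is returned.
        SessionFactory factory =
                (SessionFactory) Naming.lookup("rmi://sdi.example.com:1099/SessionFactory");
        Session session = factory.createSession();

        // Step 2: the session is the entry point for Server API calls. The Server
        // authorizes each call against the identity established in step 1.
        try {
            // Assumption: the AssemblyLine is addressed through the configuration
            // that defines it; both names below are placeholders.
            ConfigInstance config = session.startConfigInstance("example-config.xml");
            config.startAssemblyLine("ExampleAssemblyLine");
            System.out.println("AssemblyLine started");
        } catch (Exception e) {
            // The page does not name the exception type used for an authorization
            // failure, so catch broadly, report it, and exit non-zero.
            System.err.println("Server API call rejected or failed: " + e);
            System.exit(1);
        }
    }

    // Read secrets from the environment so that they never live in source code.
    private static String requireEnv(String name) {
        String value = System.getenv(name);
        if (value == null || value.isEmpty()) {
            throw new IllegalStateException("Missing environment variable " + name);
        }
        return value;
    }
}
```

Setting the truststore explicitly matters as much as the keystore: it is what makes the client verify the Server before sending any Server API call over the channel.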