
As the screenshot below shows, in ForgeRock Identity Cloud (FR IDC) only a handful of connectors can be created from scratch using the IDM native UI.

For other connectors, on a self-managed IDM it is possible to take one of the sample configurations and copy it to the IDM project directory, after which the connector becomes visible in the UI. This is not possible in FR IDC, as there is no access to the file system. The IDM documentation covers the steps to create a connector configuration from scratch using the REST API here: https://backstage.forgerock.com/docs/idm/7/connector-reference/connector-wiz-REST.html

The last step in the process is to "... save that configuration in a file named provisioner.openicf-name.json (where name corresponds to the name of the connector) and place it in the conf directory of your project.". This is fine for on-prem deployments or where you have access to the IDM host's file system. Again, as mentioned, in ForgeRock IDC, that is not the case.

This article details the process to create a connector using REST in FR IDC. Everything remains more or less the same, with two exceptions:

  1. Authn/authz to call IDM REST endpoints (actually not covered in detail here)
  2. Alternative to the last step in the docs


Automation (update)

A set of bash scripts, including one for creating remote RCS-based connectors, is available here: https://stash.forgerock.org/projects/PROSERV/repos/fidc/browse/utils/scripts

Step-by-step guide

1. Get an access token for a user with openidm admin privileges and with the fr:idm:* scope. How to do that programmatically or using a CLI is out of scope of this article and may be covered in a future article. As a quick n' dirty solution, you can grab the Bearer token from the FR IDM platform UI (when logged in as an admin) and use it below.

2. Set an environment variable with the token value. This is optional, but the following steps assume this has been done.


export FIDC_BEARER_TOKEN="<token>"


3. Get supported/available connectors


curl \
  -H 'authorization: Bearer '"$FIDC_BEARER_TOKEN" \
  --header "Accept-API-Version: resource=1.0" \
  --request POST \
  'https://<tenant>.forgeblocks.com/openidm/system?_action=availableConnectors'


4. Get configuration template for selected/desired connector (in this example, the scripted REST connector)


curl 'https://<tenant>.forgeblocks.com/openidm/system?_action=createCoreConfig' \
  -H 'authorization: Bearer '"$FIDC_BEARER_TOKEN" \
  -H 'content-type: application/json' \
  -H 'accept: application/json, text/javascript, */*; q=0.01' \
  --data-binary '{"connectorRef":{"connectorHostRef": "testremoteserver1","displayName": "Scripted REST Connector","bundleVersion": "1.5.18.0","systemType": "provisioner.openicf","bundleName": "org.forgerock.openicf.connectors.scriptedrest-connector","connectorName": "org.forgerock.openicf.connectors.scriptedrest.ScriptedRESTConnector"}}'


5. Fill in the configuration template returned in the response to step 4 with values, and submit it to get the final configuration.


curl 'https://<tenant>.forgeblocks.com/openidm/system?_action=createFullConfig' \
  -H 'authorization: Bearer '"$FIDC_BEARER_TOKEN" \
  -H 'content-type: application/json' \
  -H 'accept: application/json, text/javascript, */*; q=0.01' \
  --data-binary '<payload>'


6. Save the final configuration returned by step 5 in the IDM configuration, giving it a name (instead of saving a file, we make an HTTP PUT request)

curl 'https://<tenant>.forgeblocks.com/openidm/config/provisioner.openicf/<connector name>' \
  -X PUT \
  -H 'authorization: Bearer '"$FIDC_BEARER_TOKEN" \
  -H 'content-type: application/json' \
  -H 'accept: application/json, text/javascript, */*; q=0.01' \
  --data-binary '<payload>'


That is it! If there were no errors, you should see a connector in the IDM native console.
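
Steps 4 to 6 above chained into POSIX shell functions, added here as an example; it is not taken from the linked scripts repository or from the ForgeRock docs. It assumes a FIDC_TENANT variable (this example's own name) next to FIDC_BEARER_TOKEN, and hands the token to curl through --config - so that it stays out of the process argument list.

```shell
#!/bin/sh
# Added example: steps 4-6 as functions. FIDC_TENANT and all function names
# are this example's own; FIDC_BEARER_TOKEN is the variable set in step 2.

# idm_call METHOD PATH BODY_FILE: send one request, print the response body.
# The Authorization header reaches curl through a config read from stdin
# (--config -), so the token never appears in curl's argument list.
# Assumes the token contains no double quote or backslash.
idm_call() {
  _method=$1 _path=$2 _body=$3
  : "${FIDC_TENANT:?set FIDC_TENANT}" "${FIDC_BEARER_TOKEN:?set FIDC_BEARER_TOKEN}"
  [ -r "$_body" ] || { echo "cannot read $_body" >&2; return 1; }
  printf 'header = "authorization: Bearer %s"\n' "$FIDC_BEARER_TOKEN" |
    curl --silent --show-error --fail --config - \
      --request "$_method" \
      --header 'content-type: application/json' \
      --header 'accept: application/json' \
      --data-binary "@$_body" \
      "https://${FIDC_TENANT}.forgeblocks.com/openidm/${_path}"
}

# Step 4: connectorRef JSON in, blank configuration template out.
core_config() { idm_call POST 'system?_action=createCoreConfig' "$1"; }

# Step 5: filled-in template in, final configuration out.
full_config() { idm_call POST 'system?_action=createFullConfig' "$1"; }

# Step 6: store the final configuration under the given connector name.
# The name becomes a URL path segment, so this example accepts only
# letters and digits (a conservative choice, not a documented IDM rule).
save_config() {
  case ${1:-} in
    ''|*[!A-Za-z0-9]*) echo "invalid connector name: ${1:-}" >&2; return 2 ;;
  esac
  idm_call PUT "config/provisioner.openicf/$1" "$2"
}

# Typical run (file names are placeholders):
#   core_config connectorRef.json > template.json
#   ...edit template.json...
#   full_config template.json > final.json
#   save_config myconnector final.json
```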