Identity Cloud

ICF architecture overview

ICF is situated between the identity management application and the target resource. The framework provides a generic layer between the application and the connector bundle that accesses the resource. The framework implements an API, that includes a defined set of operations. When you are building a connector, you implement the Service Provider Interface (SPI), and include only those operations that are supported by your target resource. Each connector implements a set of SPI operations. The API operations call the SPI operations that you implement.

The following image shows a high-level overview of an ICF deployment.

openicf-arch

Understanding the ICF framework components

When you are building, or modifying, an identity management application to use the ICF Framework and its connectors, you use the following interfaces of the API:

  • Connector Info Manager Component

    The connector info manager maintains a set of connector info instances, each of which describes an available connector. The ICF Framework provides three different types of connector info manager:

    • Local

      A local connector info manager accesses the connector bundle or assembly directly.

    • Remote

      A remote connector info manager accesses the connector bundle or assembly through a remote connector server.

    • OSGi

      An OSGi connector info manager accesses the connector bundle within the OSGi context.

    For more information, refer to ConnectorInfoManager.

  • Connector Info Component

    The connector info component provides meta information (display name, category, messages, and so forth) for a given connector.

  • Connector Key Component

    The connector key component uniquely identifies a specific connector implementation.

  • API Configuration

    The API configuration holds the available configuration properties and values from both the API and the SPI, based on the connector type. For more information, refer to Configuration interface.

  • Connector Facade Interface

    The connector facade is the main interface through which an application invokes connector operations. The connector facade represents a specific connector instance, that has been configured in a specific way. For more information, refer to ConnectorFacade interface.

When you are building a new connector, you implement the SPI, including the following interfaces:

  • The connector interface.

    The connector interface handles initialization and disposal of the connector, and determines whether the connector is poolable. For more information, refer to Connector interface.

  • The configuration interface.

    The configuration interface implementation includes all of the required information to enable the connector to connect to the target system, and to perform its operations. The configuration interface implements getters and setters for each of its defined properties. It also provides a validate method that determines whether all the required properties are available, and valid. For more information, refer to Configuration interface.

    The ICF framework uses the configuration interface implementation to build the configuration properties inside the API configuration.

    When the configuration interface is implemented, it becomes available to the default API configuration.

  • Any operations that the target resource can support, such as CreateOp, UpdateOp, DeleteOp and so forth. For more information, refer to Operation interfaces.

Copyright © 2010-2022 ForgeRock, all rights reserved.