Unfortunately, Russian has no adequate translation for the term Single Sign-On (SSO), the technology of a single login to multiple information resources, so the term is left untranslated in this text.
To exchange information about users, resources and services, the OASIS consortium developed an XML-based standard, the Service Provisioning Markup Language (SPML). SPML is needed to unify and automate the management of user data and rights within companies. Undoubtedly, as the number of information systems within a company grows (logistics, accounting, personnel management, customer interaction, etc.), the old methods of user management no longer work as effectively. Who has not had to write letters like these: "Dear Administrator, please create an account for the user ...", "Dear Administrator, please open the folder for me to view ..."? Over time, this approach leads to a lot of incorrect data, information leaks and downtime.
Today, using SPML version 2.0 (version 1.0 had a limited number of operations on resources, a limited schema for describing users, and a simplified syntax for use and integration), you can develop portable identity management solutions and integrate various information systems to exchange information about users and their rights. Examples of commercial solutions that support SPML are Sun Identity Manager and Oracle Identity Manager. At Sun, we believe that one of the main functions of an Enterprise Resource Management (ERM) application system is enhanced user management and Single Sign-On support (for example, you can see how to integrate OpenSSO and Jira here: http://blogs.sun.com/openomics/entry/jira_opensso_integration).
To many, 1C is known primarily as the maker of 1C: Accounting, which is installed in virtually every company in Russia. Thanks to this popularity, 1C has become one of the largest software makers and distributors and has built a network of more than 5,000 partners. Many of these partners are also partners of Sun Microsystems.
To help our partners adopt open technologies from Sun and make the 1C platform more convenient to work with, our ISV Engineering team prepared a prototype SPML interface for 1C: Enterprise, which makes it possible to integrate 1C into the user management systems of large corporations. Because the 1C platform is based on Microsoft technologies and provides no external interfaces other than Microsoft COM, we decided to deliver the solution as a gateway that translates SPML requests into COM API calls and exchanges information between the systems. The gateway contains an embedded web server for handling HTTP requests, so the administrator can simply install the gateway together with the 1C client on a clean Windows installation without any additional software. After that, user information inside 1C can be managed from any server on the network.
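The translation step described above, as an added example that is not the 1C SPML Gateway's own code: one SPML 2.0 request is parsed, dispatched to a backend, and answered with the matching SPML response. `FakeDirectory` is a hypothetical stand-in for the COM API, the contents of `<data>` are constructed, and requiring a `psoID` on every request is an assumption of this example.

```python
import xml.etree.ElementTree as ET
SPML = "urn:oasis:names:tc:SPML:2:0"  # SPML 2.0 core namespace

# Constructed sample request; the children of <data> are made up for this example.
SAMPLE_ADD = """<addRequest xmlns="urn:oasis:names:tc:SPML:2:0" requestID="r1">
  <psoID ID="ivanov"/>
  <data><fullName>Ivan Ivanov</fullName><role>Accountant</role></data>
</addRequest>"""

class FakeDirectory:
    """Hypothetical stand-in for the COM API calls a real gateway would make."""
    def __init__(self):
        self.users = {}
    def add(self, uid, attrs):
        if uid in self.users:
            return "alreadyExists"      # SPML 2.0 error code
        self.users[uid] = attrs
    def delete(self, uid):
        if self.users.pop(uid, None) is None:
            return "noSuchIdentifier"   # SPML 2.0 error code

def response(op, request_id, error=None):
    """Build the matching <opResponse> with the SPML status/error attributes."""
    el = ET.Element(f"{{{SPML}}}{op}Response")
    el.set("status", "failure" if error else "success")
    if request_id:
        el.set("requestID", request_id)
    if error:
        el.set("error", error)
    return ET.tostring(el, encoding="unicode")

def handle(xml_text, backend):
    """Translate one SPML request into a backend call and return the response XML."""
    if "<!DOCTYPE" in xml_text:         # provisioning requests never need a DTD
        raise ValueError("DTDs are not accepted")
    root = ET.fromstring(xml_text)
    ns, _, tag = root.tag[1:].partition("}")
    if ns != SPML or not tag.endswith("Request"):
        raise ValueError("not an SPML 2.0 request")
    op, rid = tag[:-len("Request")], root.get("requestID")
    if op not in ("add", "delete"):     # anything else is refused, not guessed at
        return response(op, rid, "unsupportedOperation")
    pso = root.find(f"{{{SPML}}}psoID")
    uid = pso.get("ID") if pso is not None else None
    if not uid:                         # assumption: the caller must name the user
        return response(op, rid, "malformedRequest")
    attrs = {c.tag.split("}")[-1]: c.text or "" for c in root.iterfind(f"{{{SPML}}}data/*")}
    err = backend.delete(uid) if op == "delete" else backend.add(uid, attrs)
    return response(op, rid, err)
```

Because a gateway like this accepts account changes over HTTP, a deployment would put caller authentication and transport protection in front of `handle`; neither is shown here.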
We received very good feedback from our partners about this solution. It will help save a lot of time (and therefore money) when deploying systems and managing 1C: Enterprise, because there is no need to install a 1C client on the server running the Identity Management software. We expect that 1C partners will continue our work and will be able to use it for their clients. The 1C SPML Gateway code is released under an open license and is available for download.
The main lesson we learned from implementing this solution (for any developer who needs to work with user information) is that a gateway lets you add new user management functionality to existing systems without modifying them. In addition, the open SPML protocol maximizes the applicability of the solution to modern identity management software. (Or you can use it as a template for a Java API for 1C: Enterprise.)
In conclusion, I would like to say that we are always glad when others participate in this project or use it as a basis for their own projects. In any case, you can always write to the issue tracker or the mailing list.