TODO

Panel Platform API

Urls

/rest/v1.0/* Routes to REST API

/file/v1.0/* Routes to file download API

/* Routes to single page web app and static files

Static

URLNameDescriptionSecurity
/ GET Home Pagesingle-page web applicationAuthenticated Users
/Content/* GET CSSCSS and font resourcesAuthenticated Users
/Images/* GET ImagesAuthenticated Users
/Scripts/* GET Minified JSAuthenticated Users

REST API

The REST API actions depend on three elements. The first element is the action URL. Within a URL REST behavior is primarily affected by whether the request is a GET or POST.

If the content type is application/json the API will return results as a JSON string, and expects a JSON object in a POST request.

If the content type is application/bson the API will return a byte array representing a BSON object. This data will be compressed with Gzip. Additionally, a compressed BSON object is expected for POST actions.

The API is sparse, meaning that not all actions implement all four pairings of BSON/JSON/GET/POST. There are a few BSON endpoints that use a custom serialization format. Those are documented below.

If an action has an error, the API will typically return a JSON or BSON object (as appropriate) with the format:

{
    "Result": "Error",
    "Error": "Error message",
    "Trace": "Stack trace"
}

If an action is successful but has no return value object, it will return:

{
    "Result": "Success",
}

In the following URL documentation {param} indicates a required parameter, {param?} indicates an optional parameter. {param-} indicates a parameter that is not sensitive to ordering. Params named {skip} , or {limit} should always be integers, and set constraints for paging a large result set.

Parameter Formats

  • Guid - Should be passed in a standard 5 group hexadecimal encoding. Curly braces are optional.
  • Date - Should be parse-able by the .NET System.DateTime class. However, Sync Panel stores all dates in UTC, and to ensure expected behavior regarding timezone/UTC conversion, the recommended format in most cases is the ISO standard yyyy-MM-ddThh:mm:ss.fffZ. To URL Encode this format, Sync Panel will allow the standard URL encoding, or the ':' characters may be replaced with '_' for improved human readability.
  • Base64 - There are two characters in the standard .NET Base64 encoding that are not compatible with URLs. '+' should be replaced with '-', and '/' should be replaced with '_'.
  • Strings - The REST API tries to avoid strings that need to be escaped through the use of slugs. The panel platform exposes the method window.slugify(arg)
window.slugify = function (text) {
    if (!text) {
        return text;
    }

    var ret = text.replace(/[^\w\s\-]/g, '').toLowerCase().trim();
    ret = ret.replace(/[\-\s]+/g, '-');
    return ret;
};

Panel Module

This module encompasses the basic functionality of Sync Panel

PanelModule.Authorize

  • /authorize/{permission} GET JSON
    • Indicates whether user has permission to invoke a particular API URL.
      Permissions take the form "url|GET/POST|JSON/BSON"
      Returns { Error: "Not Authorized" } or { Result: "Success"
    • accessible to authenticated users

PanelModule.Database

  • /db/dataretention POST JSON
    • Posted object should be a serialized SoftwareIDM.PanelModel.DateDefinition class. Method purges panel data older than the posted date.
    • Url authorized, Writer role
  • /db/sphinx POST JSON
    • No post data required. Instructs panel platform to write contents of full text search queue to search engine.
    • Url authorized, Writer role
  • /db/reindex POST JSON
    • No post data required. Instructs panel platform to re-process the entire database contents and write to the full text search queue. This process often takes a while. If you have set <compilation debug="false" it will likely be necessary to increase <httpRuntime executionTimeout > .

PanelModule.Doc

All url endpoints in this section are authorized as /settings GET JSON , and would typically be accessible anyone who can use the Panel platform. This does not present a problem, since the doc urls merely return schema data from type reflection and parsing documentation attributes.

  • /doc/functions GET JSON
  • /doc/special
  • /doc/ruletypes
    • Returns a list of .NET class names that may be used as Workflow Triggers or in Rule Engine Object Properties.
      The returned list values are assembly qualified class names, and are keys into the return set of doc/settingsui . The return format is simply a JSON array.
  • /doc/scheduletypes
    • Returns a list of .NET class names for schedule step settings.
  • /doc/healthtypes
    • Returns a list of .NET class names for health probe settings.
  • /doc/settingsui
    • Returns a large JSON data structure describing the nested type schema, documentation, and settings UI control for all classes that may be exposed in the settings interface. Typical result size is 310 KB. The data structure de-duplicates nested documentation of an included type is listed as a property on another included type. See Settings UI Docs

Rule Function Docs

{
    ClassName: {
        Name: "Friendly Name",
        Description: "description text",
        FunctionDoc: {
            "Name": "Description"
        }
    }
}

Rule Special Values

{
    "Special Name": {
        Name: "Special Name",
        Values: {
            "String Key": Mapped Value
        }
    }
}

Settings UI Docs

{
    "AssemblyName, ClassName" : {
        TypeRef: false, // indicates if this node is a reference to another class in the Settings UI data structure
        MemberName: null, // only set for sub-structures that define members
        Name: "Name of Class (could be real, or ClassDoc given)",
        TypeName: "Qualified type name",
        FriendlyTypeName: "un-qualified type name",
        Description: "class doc or memberdoc description",
        Link: "doc url if defined in ClassDoc",
        IsItem: true/false, // if this is a member, indicates if it's an Item indexer",
        RuleDoc: true/false,  // indicates whether to show in Object Properties helper,
        ParentType: "qualified name" // if this is a sub-class of another settings UI documented type
        Members: { nested Settings UI structures for members },
        Properties: [ Settings exposed with UI Attribute ]
    }
}

PanelModule.ErrorDetail

  • /errordetail/hash GET BSON
    • Returns hash and error code for error detail objects.
    • Url authorized, Save objects feature
  • /errordetail POST BSON
    • Saves a collection of ErrorDetail objects. See Error Detail Object Return Success/Error. Formatting is handled by BsonCompression<ErrorDetail>.
    • Url authorized, Save history feature

Error Detail Object

Represents the error details for history. Typically from synchronizing an MA.

class ErrorDetail
{
    byte[] Hash;
    string ErrorCode;
    AttributeDictionary<string, string> ErrorDetails;
    /*
    ErrorCode, Attribute Name, Algorithm Step, Exported Delta, Imported Entry,
    Rule MA, Flow Rule Name, Source Attributes, Destination Attribute,
    Extension Name, Extension Context, Extension Rule, Extension Stack Trace,
    Error Code, Error Literal (Guids or DNs redacted), Server Error Detail
    */
}

PanelModule.Error

  • /panelerror POST JSON
    • Takes a serialized ErrorPost object and writes it the Panel error data collection. If error reporting is enabled a synopsis of the error is emailed to the report address.
class ErrorPost
{
    List<string> Data;
    string Message;
    string StackTrace;
    string Context;
    string UserName;
}

PanelModule.Health

  • /health GET JSON
    • Returns most recent health check of each named type that is set to display on the dashboard.
    • Url authorized, Read health feature
  • /health POST BSON
    • Saves a list of health checks. Format is handled by BsonCompression<HealthCheck>
    • Url authorized, Save health feature

PanelModule.History

  • /history/{filters-?}*/{skip-?}/{limit-?} GET JSON
  • /history/objects/{id}/{stats-?} GET JSON
    • Returns a filtered set of one or more object records related to a particular history Id. Return set is optionally filtered by statistic type and paged. See History Objects and Object Record
    • Url authorized, Read history feature
  • /history/resultfilters GET JSON
    • Returns list of possible history result strings: { Data: [ strings ] }
    • Url authorized, Read history feature
  • /history/recordfilters GET JSON
    • Returns list of possible history types as an object map: { slug: name } . When filtering history by RecordOf the filter value should be a slug present in the recordfilters result set.
    • Url authorized, Read history feature
  • /history/argumentfilters GET JSON
    • Returns list of possible history arguments as an object map: { slug: name } . When filtering history by Argument the filter value should be a slug present in the rsult set.
    • Url authorized, Read history feature
  • /history/statistics/{stat counters}/{interval?}/{start}/{end?}/{record?}/{argument?} GET JSON
    • Returns data point counts for a chart. For parameter formats see History Statistics. Returns object representing definition of data returned, and a 2-dimensional array of integer data points. See History Statistics
    • Url authorized, View charts feature
  • /history POST BSON
    • Saves a single history record, return Success/Error
    • Url authorized, Writer Role

History Filter Parameters

  • Id - Guid of specific history record to return
  • Range Start Date - date
    If one date formatted string is given, the range is assumed to be from the date to the present. If two are given, the first is mapped to the start of the range, and the second to the end of the range.
  • Range End Date - date
  • Record - "record-{val}", type of history record to return (e.g. slug of program name, or Guid of MA). Value should be a slug from the /history/recordfilters data set.
  • Argument - "arg-{val}", argument of history record to return (e.g. args for program, or slug of Run Profile of MA). Value should be a slug from the /history/argumentfilters data set.
  • Result - "result-{val}", comma separated list of integer statistics or string history result value slug. The result string should be encoded in a format compatible with System.Uri.UnescapeDataString. Result filters don't use slugs, because it is common to have two values that map to the same slug, such as 'Success' and 'success'.
  • Returns history list data. Note: except when requesting a particular history object by Id, this URL returns truncated history objects for performance reasons. The only fields included are a subset of HistoryRecord properties, including: Start and End Dates, Type, Result, RecordOf, Argument and Counters.
{
    "Skip": n,
    "Limit": n,
    "DayCount": n,
    "WeekCount": n,
    "Count": n,
    "History": [ history records ]
}

History Record

The HistoryRecord object is a base class for different history types. Example subclasses include RunRecord, FullScanRecord, and ProgramHistoryRecord.

class HistoryRecord
{
    Guid Id;
    string Result;
    BsonValue RecordOf; // History Type, eg. MA Guid, Program Name
    BsonValue Argument; // e.g. Run Profile, Program Arguments
    DateTime StartDate;
    DateTime EndDate;
    byte[] Counters;
    Dictionary<uint, uint> DecodedCounters;
    List<StatRef> ObjectDetails;
    Type ObjectDetailType; // default is ObjectRecord. May be overridden for things like WorkflowRecord
    List<HistoryError> Errors;
}

History Objects

  • Id - Guid of history to return objects for
  • Stat Definitions - '/' separated list of stat definitions. A stat definition has 1 to 3 '-' separated integers, representing Counter-Skip-Limit. e.g. 2-10-20 will return objects that had an 'Import Add' in the history run, and will skip 10 objects and return 20 (i.e. from 11th-30th inclusive). A list of counters may be obtained from the Sync Panel javascript dom using a web debugger, by inspecting window.helpers.enums.counterStrings.
  • Returns
{
    "ObjectCounts": [ {
        "Counter": n,
        "Count": n,
        "Limit": n,
        "Skip": n
    } ],
    "Objects": [ object records ]
}

History Statistics

  • Stat Counters - One or more data series. Each series is separated by '-'. Counters within a series are separated by ','. For example, the default charts of Imports, Exports, and Errors uses: 2,3,4,5,6-25,26,27,28-41,42,43,44.
  • Interval - The interval is expressed as a decimal number of hours between datapoints.
  • Start - The ISO timestamp to begin the first data point. If the chart spans more than a week of time it will be auto-justified to the date (midnight).
  • End - Optional ISO end timestamp. If no end parameter is provided it defaults to DateTime.UtcNow.
  • Record - Value of history type to aggregate, typically an MA Guid.
  • Argument - Filter on which history objects of a type to aggregate.
  • Return Format - the format of a history statistics query follows:
{
    "RecordOf": "typically MA Guid, process-workflows, or azure-scan", // optional
    "Argument": "", // optional
    "Start": "yyyy-MM-ddThh:mm:ss.fffZ",
    "End": "yyyy-MM-ddThh:mm:ss.fffZ",
    "Interval": 24.0,
    "StatisticsDefinition": [ [n,n,n], [n,n] ], // each 'n' represents a statistics counter, an array is a data series
    "Stats": [ [0,0], [3,0], ...] // each array is a timestamp on the chart, and each number is a data point
}

PanelModule.Multi

  • /multi/searchfields/{id} GET JSON
    • Gets set of searchable fields for searching within a multi attribute, based on the Guid ID of the object with the reference attribute. Returns { "Data": [ fields ] } .
    • Url authorized, View objects feature
  • /multi/fields/{id} GET JSON
    • Gets Multi-field data for an object, based on the Guid ID of the object with the reference attribute. See Multi Fields
    • Url authorized, View objects feature
  • /multi/dates/{id} GET JSON
    • Gets all dates that a multi or reference value attribute changed for an object, along with the GUID of the corresponding history object. Returns { { yyyy-MM-ddThh:mm:ss.fffZ: Guid, ... }
    • Url authorized, View objects feature
  • /multi/search POST JSON
    • Expects Multi-Search in POST data (see below), used to search within a multi-value attribute. See Multi Search
    • Url authorized, Search feature
  • /multi/hash/{search index} GET BSON
    • Returns hashes for all multi-value attributes in the given search silo. The return format is a binary array with:
      16 bytes for hash, 8 bytes for the TimeStamp, 16 bytes for the Guid Object Id of the ObjectRecord that owns the attribute.
    • Url authorized, save object feature
  • /multi POST BSON
    • Save collection of multi attributes. Format is handled by BsonCompression<MultiAttr> Result Success/Error
    • Url authorized, Save object feature

Multi Fields

The multi-field object format is:

{
    "Refs": { "id": "dn", "id2": "dn2" }, // id is the guid id of an object, dn is the DN or displayName of that object
    "Fields": {
        "fieldName": {
            "Count": n,
            "IsRef": true/false,
            "TimeStamp": "yyyy-MM-ddThh:mm:ss.fffZ" //iso UTC stamp of maxiumum date of field add/delete,
            "Values": [ { "Value": value, "TimeStamp": time added, "Deleted": time deleted or null } ]
            // Values limited to up to 10 with deleted null, and up to 10 more with a deleted timestamp
        }
    }
}

The search POST object format is:

{
    "Attribute": "field name", // field to search within
    "ObjectID": "guid", // id of object that has multi-field to search
    "IsRef": true/false, // indicates whether searching within referenced objects or searching the values of a multi-field
    "MinAddedDate": "yyyy-MM-ddThh:mm:ss.fffZ", // optional
    "MaxAddedDate": "yyyy-MM-ddThh:mm:ss.fffZ", // optional
    "MinDeletedDate": "yyyy-MM-ddThh:mm:ss.fffZ", // optional
    "MaxDeletedDate": "yyyy-MM-ddThh:mm:ss.fffZ", // optional
    "Term": "Search term", // optional
    "Limit": n, // optional
    "Skip": n // optional
}

When performing a multi-value search, if the Term is left blank the search engine will not be queried, and the database records will be filtered based on the other search limiters.

When searching within a multi-value attribute Panel platform searches all objects in the database, and then filters the results based on whether the object is referenced by the multi-value attribute. Because the search engine only returns the first 1000 results, if a very general search term is used, then there may be objects that meet the criteria but are not returned by the search. If the search has been affected by this limit, the SearchLimited attribute will be true in the result object.

The search results format is:

{
    "Index": "index name", // search engine index used to perform search
    "SearchLimited": true/false, // whether the search term was too general to produce a complete result set
    "Count": n, // number of records that matched the search and are also in the reference attribute
    "Data": [ { "Value": value, "Added": timestamp, "Deleted": timestamp } ], // search results
    "Limit": n,
    "Skip": n
}

PanelModule.Object

  • /object/{id}/{nolink?}|{typename?} GET JSON
    • Retrieve object details in JSON format.
      If nolink is specified only the core object is returned with no join data. See Object Result
      If an assembly-qualified type name is specified, then the result object will be from the data collection matching the specified type name.
    • Url authorized, View object feature
  • /object POST BSON
    • Save collection of objects, format is handled by BsonCompression<ObjectRecord>, result Success/Error
    • Url authorized, Save objects feature
    • Url authorized, Admin Role
  • /object/hash/{search index} GET BSON
    • Retrieves hash comparison values for all objects in the given search index. Uses non-bson binary serialization. See Object Compare Hash
    • Url authorized, Save objects feature
  • /object/reflinks POST JSON
    • Takes a list of Guid Object Ids, and queries the Object collection to find Link data. Expects POST data of { Ids: [ ids ] } . Returns { Id: [{ TimeStamp: "yyyy-MM-ddThh:mm:ss.fffZ", Links: [ link ] }] }
    • Url authorized, View objects feature
  • /object/applyjoin POST JSON
    • Iterates the Object Record collection and re-applies Join Rules.
    • Url authorized, Save settings feature

Object Result

The object result format is:

{
    "Links": { id: object }, // object details for linked objects, will traverse through Metaverse
    "Object": { object json }
}

Object Record

ObjectRecord is the base class for objects that can be viewed in the Time Traveler. Examples include CSRecord, and MVRecord.

class ObjectRecord
{
    Guid Id;
    string Type;
    byte[] Hash;
    string DN;
    List<Link> Links;
    List<ObjectChange> Changes;
    DateTime? Modified;
    DateTime? Created;
    DateTime? Deleted;
    string SearchIndex;
    string ObjectType;
    AttributeDictionary<string, BsonValue> Attributes;
}

class Link
{
    bool Connected;
    Guid Other;
    DateTime TimeStamp;
}

class ObjectChange
{
    DateTime TimeStamp;
    List<Link> Links;
    Guid? ChangeSource;
    ModType ModificationType;
    string DN;
    AttributeDictionary<string, AttributeChange> SIngleAttributes;
}

class AttributeChange
{
    AModt Kind;
    BsonValue Value;
}

enum ModType
{
    None = 0,
    Add = 1,
    Update = 2,
    Rename = 4,
    Move = 8,
    Delete = 16,
    Connect = 32,
    Disconnect = 64,
    Error = 128,
    Pending = 256,
    AddDisconnect = 512
}

enum AModt
{
    NotConfigured = 0,
    Add = 1,
    Replace = 2,
    Update = 3,
    Delete = 4,
    Remove = 5
}

Object Compare Hash

Because Panel platform may return hundreds of thousands of object hashes in a single query, this path uses a custom data structure to maximize performance. The return value of the /object/hash query is a compressed byte[] with serialized ObjectCompareHash elements. The de-serialization logic simply reads ObjectCompareHashes from the array until the array terminates, so there is no additional count or size data. The class structure is:

class ObjectCompareHash
{
    Guid Id;
    byte[16] Hash; // sized for 128 bit MD5 hash, or the first half of SHA256
    List<Link> Links;
}

The serialization format is:

byte[] {
    Id.ToByteArray(),
    Hash,
    (byte)(from l in link where link.Connected).Length,
    from l in link where link.Connected select l.Other.ToByteArray()
}
  • /search/indices GET JSON
    • Returns a data-structure describing available search indices. See Search Indices Format
    • Url authorized, Search feature
  • /search POST JSON
    • Returns search results, expects search data in POST. See Search Format
    • Url authorized, Search feature

Search Indices Format

{
    Data: [
        {
            Name: "Index Name", // e.g. "Metaverse", "History", "MA Name"
            DeleteFilter: true/false,
            CreatedFilter: true/false,
            ModifiedFilter: true/false,
            ObjectTypeFilter: true/false,
            Index: "Index identifier", // e.g. "Metaverse", "MA Guid"
            Fields: [ "field names" ],
            MultiFields: [ "multi-value field names" ],
            ReferenceFields: [ "reference field names" ],
            FieldTypes: { fieldName: [ "Types" ] }, // e.g. BsonString, String, DateTime
            ObjectTypes: [ "types" ] // e.g. "user", "group"
        }
    ]
}

Search Format

The search POST object format is:

{
    Term: "Search term", // optional
    Index: "index identifier", // required
    ObjectType: "type", // optional
    Deleted: true/false, // optional, indicates whether to included deleted objects in search results
    MinCreatedDate: "yyyy-MM-ddThh:mm:ss.fffZ", // optional
    MaxCreatedDate: "yyyy-MM-ddThh:mm:ss.fffZ", // optional
    MinModifiedDate: "yyyy-MM-ddThh:mm:ss.fffZ", // optional
    MaxModifiedDate: "yyyy-MM-ddThh:mm:ss.fffZ", // optional
    Limit: n, // optional
    Skip: n // optional
}

The search results format is:

{
    Count: n,
    Limit: n,
    Skip: n,
    ResultType: "type of indexed objects", // e.g. HistoryRecord, ObjectRecord
    Index: "index identifier",
    IndexName: "name",
    Results: [ objects ]
}

PanelModule.Settings

  • /settings GET JSON
    • Returns complete Panel settings as JSON string. Primarily used by PanelTool and Panel Service, since settings JSON is pre-loaded in the source of the web application.
    • Url authorized, View settings feature
  • /settings/attributes GET JSON
    • Returns a list of all attribute names used across silos. Used to initialize the Attribute Translation settings. Format is { Data: [ attribute names ] }
    • Url authorized, View settings feature
  • /settings/guid GET JSON
  • Returns a randomly generated Guid. Used to initialize Id property of provider settings. Format is { Value: "guid" }
    • Url authorized, View settings feature
  • /settings POST JSON
    • Saves posted settings, overwriting the current settings
    • Url authorized, Save settings feature
  • /settings/{type} POST JSON
    • Saves a particular setting section, where the {type} parameter corresponds to the JSON Property of that section.
    • Url authorized, Save settings feature
  • /settings/encipher POST JSON
    • Encrypts a string using RSA 2048. Due to algorithm used, this method is suitable for sort strings like passwords. Expects { Value: "to encrypt" }
      Requires Password Storage license to be applied. This license code is included with all panel platform products, but applying it may be omitted based on company policy.
    • Url authorized, Save settings feature.
  • /settings/decipher POST JSON
    • Decrypts a string encrypted by encipher. Expects { Value: "ec:to decrypt" } .
    • Url authorized, Decrypt settings feature
  • /settings/testmessage POST JSON
    • Sends a test message based on email settings. Expects { Settings: Email settings, Subject: "Subject", Message: "Message" } . The email is sent to the Fallback Recipient in the email settings. Returns Success/Error
    • Url authorized, Save settings feature

Reporting Module

The Reporting Module facilitates creation and retrieval of Sync Panel reports.

  • /report/{timestamp?} POST JSON
    • Builds and returns a report as defined in the posted JSON structure. If the url contains a timestamp parameter, it builds the report based on that point in time.
    • Url authorized, View reports feature

Report Request Format

For examples of the Report setting format, you can build a report using the settings interface, then inspect the request sent by the report viewing interface. Unlike report file downloads, it is possible to view a report in the browser without saving it in the settings.

{
    Name: "Report Name",
    Scope: "search index value of objects", // e.g. Metaverse, MA Guid
    ObjectType: "", // optional
    Deleted: { // optional
        After: { Unit: "Hours|Days|Weeks|Months|Years", Quantity: 1, Date: "" }, // time range
        Before: { see After },
        NotDeleted: true/false
    },
    LastModified: { Optional, see Deleted },
    Filters: [ // optional
        {
            Attribute: "",
            Operator: "$lt|$gt|$lte|$gte|$ne|$in|$regex", // "" is =
            Value: ""
        }
    ],
    Sort: { Attribute: "Modified", Direction: -1|1 },
    DisplayFields: [ "list of fields" ],
    MultiFields: [ "list of fields to include in download" ] // optional
    Limit: n,
    Skip: n
}

File API

  • /report/{name-slug}/{excel|json|delimited|avp}/{id|dn?}/{maxobjects?}/{pointintime?} GET
    • Locates a report from the settings, builds and returns a file download. The file is named "report_name-slug" with the appropriate extension for the requested file type.
    • Url authorized, View reports feature

Report files can only be downloaded for reports saved in settings.

Report Download Parameters

  • Name slug - The name slug is the report name lower-case, with all non-characters replaced by '-'
  • File format - A report download query should specify excel, json, delimited, or avp as the file format.
  • Reference value handling - By default, report downloads use the object id to establish reference attribute links for improved performance. This can be changed by adding /dn to the url.
  • Max Objects - This optional parameter can be used to limit the size of a report
  • Point in time - Specify a DateTime parseable timestamp value to generate a report keyed to a particular point in time.

The returned file will have a file name based on the slug of the report name.

Workflow Module

The Workflow module allows creation and processing of Panel workflows.

  • /workflow/link/{linkid} POST JSON
    • Queues workflow step based on link. This url endpoint is to be invoked from the browser by a user clicking on an email link. The POST action prevents inadvertent link follow.
    • Url authorized, Workflow link feature
  • /workflow/link/{linkid} GET JSON
    • Queues workflow step based on link. This url endpoint uses a simple GET and may be invoked from a script, but requires higher security access.
    • Url authorized, Workflow REST link feature
  • {{{ /workflow/steptypes
    • Returns list of class names for workflow steps
    • Url authorized, Read settings feature
  • /workflow POST BSON
    • Returns collection of WorkflowRecords from Workflow Queue.
    • Url authorized, Writer role
  • /workflow/record POST BSON
    • Saves workflow records for progress on workflow processing. Data format is handled by BsonCompression<WorkflowRecord>.
    • Url authorized, Writer role

Azure Module

The Azure module contains endpoints specific to the Azure AD provider.

  • azure/ps GET JSON
    • Returns list of class types for PowerShell command strips for Azure settings.
    • Url authorized, Read settings feature
  • azure/childps GET JSON
    • Returns collection of types for child command strips for Azure settings. Format is { "parent type": [ child types ] } .
    • Url authorized, Read settings feature

Sync Module

The Sync Module encompasses functionality that is specific to the FIM 2010 synchronization service. It adds URL endpoints and classes for saving and retrieving data about Management Agents and other FIM objects.

  • /syncdisconnectadd POST BSON
    • Expects data map { guid: guid } of objects undergoing an Add/Disconnect operation. Amends the object ids so that it is represented as an add/disconnect update instead of two objects with a delete and add.
    • Url authorized, Save objects feature
  • /passwordhistory POST BSON
    • Expects list of truncated CSRecord objects with password history changes. Amends the object change history to slot in the password history updates. Formatting is handled by BsonCompression<ObjectRecord>.
    • Url authorized, Save objects feature
  • /ma GET JSON
    • Returns collection of ObjectRecord objects with type MARecord.
    • Url authorized, View objects feature

MA Record Object

Represents MA description

class MARecord : ObjectRecord
{
    Guid Id; // namespaced Guid using Environment Id and MA Guid
    Guid MAId; // Sync Engine MA Guid
    string DN; // name of management agent
    string MAType; // type of MA or "Metaverse Configuration"
    string ObjectType = "Management Agent";
    string Description;
    int Version;
    List<RunProfile> RunProfiles;
    bool? Deleted;

    AttributeDictionary<string, BsonValue> Attributes {
        "JoinRuleXml",
        "ProjectRuleXml",
        "ExportRuleXml"
    };
}

class RunProfile
{
    string Name;
    bool Sync;
    bool Delta;
    bool Import;
    bool Export;
    List<string> StepTypes;
}

Run Record Object

Represents a single Run profile step of an MA. See History Record

class RunRecord : HistoryRecord
{
    int StepNumber;
    string StepType;
    Guid RunId;

    Guid MA { maps to RecordOf }
    string RunProfileName { maps to Argument }

    string Username;
    int RunNumber;

    // Errors, ObjectDetails, Counters, etc. inherit from HistoryRecord
}

CS Record

Additions that CSRecord makes to ObjectRecord. See Object Record

class CSRecord : ObjectRecord
{
    List<string> ObjectClass;
    string ConnectorState;
    string Status; // Export Pending, Import Pending
    PasswordSync PasswordSync;
}

class PasswordSync
{
    PasswordSyncType Sync; //Source, Target, WMIReset
    string Origin;
    DateTime TimeStamp;
    string Details;
}

Copyright © SoftwareIDM

Table of Contents