This is a continuation of my Sun IdM blog series.

Sun IdM is a very extensible product. Every piece of functionality is loosely coupled.  Everything is configurable in Sun IdM.  Even to the last bit. How is this achieved?

Answer: Configuration Objects

Configuration Objects are pieces of xml to configure a bit of functionality. Large number of such bits come together to define the behavior of the product.  Like communism – the idea is great, but implementation sucks. This is how it causes unthinkable nightmares

  1. All configuration objects are xml and stored in database with a id and name.
  2. Developer can change any xml object and write back to the database/repository
  3. Database will happily accept the xml as long as it is valid and confirms to to the dtd
  4. Problem comes during runtime – Another executing object looks for a previously existing xml by name or id. If it does not find it, there is a runtime error. If it finds it, but somebody has changed the behavior of the called object/xml by modifying it and introduced bugs, again it results in  runtime error.
  5. IdM consultant’s biggest headache when at a customer site  who has been using IdM for a while is exactly this. One of client’s developer has inadvertantly changed a xml and put it in database. Nobody knows which one. A lot of these xml changes completely skipped the source control and done by just committing the new xml to the production database.
  6. Client has changed a xml behavior but retained its original name. During product upgrade all xmls with out-of-the-box names are replaced. Gone are the customizations

With 1000s of xml pieces, it is hard to find which pieces were interacting together before and after and the system is broken. Like I said before, the idea is great, implementation sucks. Tools such as VIDT (Velocity Identity Deployment Tool – Bad name, good implementation) came into being just to address this mayhem a little bit.

In my next blog, I will describe in detail about IdM project life cycle and the importance of VIDT and a logical description of VIDT.