About Plugins
Installing Plugins
There are a few different ways to make Plugins available for use within Registry, according to how the Plugin is distributed.
- Core Plugins - Commonly used. These plugins ship with COmanage and are enabled by default.
- Supported Non-core Plugins - Less widely used. Shipped with COmanage, but not enabled by default.
- External Plugins - Finally, Plugins can come from other sources (including those you write yourself) to support your needs.
Core Plugins
Many Plugins are already set up, and provided as “Core Plugins”; these Plugins ship with COmanage, and are enabled by default. They can be found in the app/Plugin directory.
Supported Non-core Plugins
In addition, there are some Plugins that are less widely used. While they are shipped with COmanage, they are not enabled by default because of the related overhead (and, in some cases, external dependencies) associated with Plugins that may only be useful to some deployments. These plugins are also shipped with Registry and can be found in the app/AvailablePlugin directory.
The simplest way to enable a Non-Core Plugin (assuming you have met any external dependencies the Plugin may require) is to symlink it from your local/Plugin directory.
After creating the symlink, you should clear caches and then update your database schema to reflect the newly available plugin.
    $ cd $REGISTRY/local/Plugin
    $ ln -s ../../app/AvailablePlugin/SomePlugin .
    $ cd $REGISTRY/app
    $ su -c "./Console/clearcache" ${APACHE_USER}
    $ su -c "./Console/cake database" ${APACHE_USER}
External Plugins
Plugins that come from other sources (including those you write yourself) should be placed in the local/Plugin directory.
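An added example (not part of the COmanage documentation): a read-only inventory of local/Plugin that tells apart symlinked Non-core Plugins, External Plugin directories, and links that are dangling or resolve outside app/AvailablePlugin. The function names and output labels are assumptions made for this example; the directory layout is the one described above.

```shell
#!/bin/sh
# Added example: list what is enabled under $REGISTRY/local/Plugin and where
# each entry really comes from. Labels and function names are hypothetical.

# classify_plugin REGISTRY NAME -> prints one label for local/Plugin/NAME
classify_plugin() {
    registry=$1
    entry="$registry/local/Plugin/$2"
    if [ -L "$entry" ]; then
        # A link whose target no longer exists is dangling.
        [ -e "$entry" ] || { echo dangling; return 0; }
        # A link to something that is not a directory cannot be a plugin.
        [ -d "$entry" ] || { echo unexpected-link; return 0; }
        # Resolve both paths physically so "../" tricks and nested links
        # cannot make an outside directory look like AvailablePlugin.
        target=$(CDPATH= cd "$entry" 2>/dev/null && pwd -P) \
            || { echo dangling; return 0; }
        avail=$(CDPATH= cd "$registry/app/AvailablePlugin" 2>/dev/null && pwd -P) \
            || { echo unexpected-link; return 0; }
        case $target in
            "$avail"/*) echo supported-non-core ;;
            *)          echo unexpected-link ;;
        esac
    elif [ -d "$entry" ]; then
        # A real directory placed in local/Plugin is an External Plugin.
        echo external
    else
        echo not-a-plugin
    fi
}

# audit_plugins REGISTRY -> one "name<TAB>label" line per entry
audit_plugins() {
    registry=$1
    for path in "$registry"/local/Plugin/*; do
        # Skip the unexpanded glob, but keep dangling links in the report.
        [ -e "$path" ] || [ -L "$path" ] || continue
        name=${path##*/}
        printf '%s\t%s\n' "$name" "$(classify_plugin "$registry" "$name")"
    done
}

# Run against a real installation only when REGISTRY is set.
if [ -n "${REGISTRY:-}" ]; then
    audit_plugins "$REGISTRY"
fi
```

Entries reported as unexpected-link or dangling are worth reviewing before clearing caches and updating the database schema, since everything in local/Plugin is code that Registry can load.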
Configuring & Using Plugins
Once a Plugin is installed and enabled for use, how it is actually used and/or configured varies according to the Plugin type.
Plugin Type | Description | Where the plugin is configured in COmanage |
---|---|---|
Authenticator | Authenticators are used to prove a CO Person's identity to an application or service. An Authenticator combined with an Identifier is a credential. Because Authenticators are collaboration issued, they are attached to the CO Person, not to Organizational Identities (as for external credentials). | Configuration > Authenticators |
Cluster | Clusters are used to represent a CO Person's accounts within a given application or service. The typical use case is managing accounts on (e.g.) one or more Unix servers, but there is no specific requirement for this type of service. Clusters could just as easily represent accounts in a wiki service, if there were a need for more sophisticated provisioning beyond simple user attributes (identifier, name, groups, etc). | Configuration > Clusters |
Dashboard Widget | Registry v3.2.0 introduces Dashboards, simple information portals. Information is provided by Dashboard Widgets, which are implemented as Dashboard Widget Plugins. Multiple Dashboards can be defined within a CO. Dashboards include header and footer text areas appropriate for providing arbitrary HTML content on the landing page of a CO. | Configuration > Dashboards |
Data Filter | | Configuration > Data Filters |
Enrollment Flow | | Configuration > Enrollment Flows |
Identifier Validation | | Configuration > Identifier Validators |
Invitation Confirmer | ||
Job | ||
LDAP Schema | ||
Normalization | ||
Organizational Identity Source | Organizational Identity Sources allow for the creation of Organizational Identities linked to an external source or "system of record". These sources can include LDAP servers, REST APIs, SQL databases, flat files, and so on. Custom plugins can be written for arbitrary sources. | Configuration > Organizational Identity Sources |
Provisioner | Provisioning refers to the action of using Registry data to create or remove access to applications and services. COmanage Registry uses provisioning to provide the data that it stores to applications using one of three models, and in four different modes: Automatic, Manual, Enrollment-based, and Queue-based. | Configuration > Provisioning Targets |
Vetter | Registry v4.1.0 introduces the concept of Vetting, where a CO Person can be reviewed via one or more vetting processes (called Vetting Steps) for such purposes as background checks or compliance. Vetting Steps can be run on demand, or as part of an Enrollment Flow. | Configuration > Vetting Steps |
Creating Your Own Plugins
Building your own plugin is a great way to get started with custom development for COmanage. Through plugins you can build powerful extensions to the existing Registry functionality. Building a Registry Plugin requires knowledge of PHP, CakePHP, and COmanage.
Start Here
The general documentation for building plugins can be found on the Writing Registry Plugins page. All plugins follow some standard conventions which are outlined on this page. In addition, some types have additional requirements as listed below.
Additional Requirements by Plugin Type
As described above, there are several different Plugin Types, each with their own additional requirements. You can find these details at the links below:
- Authenticator Plugins
- Cluster Plugins
- Dashboard Widget Plugins
- Data Filter Plugins
- Enrollment Flow Plugins
- Identifier Validation Plugins
- Invitation Confirmer Plugins
- Job Plugins
- LDAP Schema Plugins
- Normalization Plugins
- Organizational Identity Source Plugins
- Provisioner Plugins
Plugin Library
Below is a list of known plugins that are available to the COmanage Registry community. Please let us know if you know of other plugins that are not listed below. (Or, maybe you have created your own plugin that you want to share here!)
Authenticator Plugins
- Certificate Authenticator Plugin — The Certificate Authenticator plugin manages information about X.509 Certificates for CO People. (experimental)
- Password Authenticator Plugin — The Password Authenticator plugin manages passwords for CO People. (experimental)
- Privacy IDEA Authenticator Plugin — The Privacy IDEA Authenticator plugin provides an interface for tokens managed by a privacyIDEA authentication server. These tokens can be used to implement Multi-Factor Authentication (though instructions for doing so are beyond the scope of this document). (experimental)
- SSH Key Authenticator Plugin — The SSH Key Authenticator plugin manages SSH Public Keys for CO People.
Cluster Plugins
- Unix Cluster Plugin — The Unix Cluster plugin manages Unix Accounts for CO People.
Dashboard Widget Plugins
- Announcements Dashboard Widget — The Announcements Dashboard Widget (AnnouncementsWidget) is a Registry Dashboard plugin that manages and renders Announcements.
- Email Address Dashboard Widget — The Email Address Dashboard Widget is a Registry Dashboard plugin that allows for self service management of Email Addresses.
- Notifications Dashboard Widget — The Notifications Dashboard Widget (NotificationsWidget) is a Registry Dashboard plugin that renders Registry Notifications for the current user.
- Password Dashboard Widget — The Password Dashboard Widget is a Registry Dashboard plugin that allows for self service management of Passwords by authenticated users.
- Recovery Dashboard Widget — The Recovery Dashboard Widget (RecoveryWidget) is a Registry Dashboard plugin that enables self service account recovery tools.
- Services Widget Plugin — The Services Dashboard Widget (ServicesWidget) is a Registry Dashboard plugin that renders Registry Services for the current user. At this time, the services widget supports only CO-level services.
- URL Dashboard Widget — The URL Dashboard Widget (UrlWidget) is a Registry Dashboard plugin that renders content from URLs.
Data Filter Plugins
- Data Scrubber Filter Plugin — The Data Scrubber Filter Plugin filters which attributes are passed from an Organizational Identity Source.
- Elector Data Filter Plugin — The Elector Data Filter evaluates available attributes and elects one based on configured Precedence Rules. The elected value is passed to the associated Provisioning Target.
- Group Filter Plugin — The Group Filter Plugin filters which CO Groups are passed through to the connected context. Rules are processed for each CO Group passed to the Group Filter Plugin.
- Group Name Filter Plugin — The Group Name Filter Plugin replaces a CO Group Name with an Identifier, so that the name of the CO Group appears to be the Identifier.
Enrollment Flow Plugins
- DuplicateCheckEnroller Plugin — The Duplicate Check Enroller Plugin checks whether the enrollee has been registered in the past thus preventing Enrolling again and creating duplicates. The check takes place after the start step of the Enrollment Flow. This means that the Enrollment flow should have an Introduction text configured.
- FiddleEnroller Plugin — The Fiddle Enroller Plugin allows an administrator to "fiddle" with the Petition data before it is finalized.
- IdentifierEnroller Plugin — The Identifier Enroller Plugin allows the enrollee to select one or more identifiers as part of the enrollment process. This happens after email confirmation (and so after the initial petitioner attributes are collected).
- MeemEnroller Plugin — MEEM is the MFA Enrollment and Exemption Manager. It is intended to coordinate enrollment in Multi-Factor Authentication. MEEM does not work with any specific technology, but is intended to work with Enrollment Flows and, indirectly, Authenticators.
- NationalityEnroller Plugin — The NationalityEnroller allows a Petitioner to self assert their national affiliation(s), which are then stored as Identity Documents, with a Document Type of Self Assertion. This plugin supports Attribute Enumerations for the attribute Identity Document (Issuing Authority, Self Assertion).
- ServiceEligibilityEnroller Plugin — The Service Eligibility Enroller Plugin allows for Registry Services to be selected for a CO Person Role. Despite its name, the Service Eligibility Enroller can be used without Enrollment Flows.
Identifier Validator Plugins
- Dictionary Identifier Validator Plugin — The Dictionary Identifier Validator determines if an Identifier (manually or automatically assigned) matches a Dictionary Entry.
- LDAP Identifier Validator Plugin — The LDAP Identifier Validator queries an LDAP server to determine if an Identifier (manually or automatically assigned) is in use (and therefore not permitted).
- Regex Identifier Validator Plugin — The Regex Identifier Validator determines if an Identifier (manually or automatically assigned) conforms to an acceptable regular expression.
Invitation Confirmer Plugins
Job Plugins
- Core Job Plugin — The Core Job Plugin provides several out-of-the-box jobs for use with the Registry Job Shell.
LDAP Schema Plugins
Normalization Plugins
Organizational Identity Source Plugins
- API Source — The API Organizational Identity Source Plugin is designed to integrate using RESTful APIs and message buses.
- Env Source — The Env Organizational Identity Source Plugin is designed to pull attributes from environment variables, generally populated by web server authentication modules.
- File Source — The File Organizational Identity Source Plugin is designed to integrate using CSV files.
- LDAP Source — The LDAP Organizational Identity Source Plugin is designed to integrate with an LDAP server.
- netFORUM Source — The netFORUM Organizational Identity Source Plugin is designed to integrate with the Abila netFORUM Association Management System via the XML API (xWeb).
- Novi Source — The Novi Organizational Identity Source Plugin is designed to integrate with the Novi Association Management Software platform using the Novi AMS API.
- ORCID Source — The ORCID Organizational Identity Source Plugin is designed to integrate with the ORCID API in order to create Organizational Identities and to securely link an ORCID iD to an existing CO Person Record. In Registry v4.4.0 and later, this plugin supports the use of the ORCID Member API for collecting ORCID access and refresh tokens in addition to ORCID iDs.
- Salesforce Source — The Salesforce Organizational Identity Source Plugin is designed to integrate with Salesforce via the Force.com REST API.
- SQL Source — The SQL Organizational Identity Source Plugin is designed to integrate inbound data via a SQL database. SqlSource is available as of Registry v4.1.0.
Provisioner Plugins
- API Provisioning Plugin — The API Provisioning Plugin provisions CO Person records to a RESTful or messaging endpoint.
- Changelog Provisioning Plugin — The Changelog Provisioning Plugin is a simple plugin that generates logfile entries on provisioning events. Entries are JSON encoded representations of CO Person and CO Group data.
- Crowd Provisioning Plugin — The Crowd Provisioning Plugin provisions CO Person and CO Group records to Atlassian Crowd.
- GitHub Provisioning Plugin — The GitHub Provisioning Plugin synchronizes Registry data with GitHub.
- Grouper Provisioning Plugin — The Grouper Provisioning Plugin provisions groups and memberships in groups to an Internet2 Grouper instance using the Grouper web services interface.
- Homedir Provisioning Plugin — The Homedir Provisioning Plugin is an experimental plugin that creates Unix home directories entries on provisioning events. It is not intended for use in a production environment. (experimental)
- Jira Provisioning Plugin — Registry v4.0.0 introduces the Jira Provisioning Plugin, which provisions CO Person and CO Group records to Atlassian Jira.
- LDAP Provisioning Plugin — The LDAP Provisioning Plugin is designed to provision Registry data into an LDAP server.
- Mailman Provisioning Plugin — The Mailman Provisioning Plugin manages Mailman3 mailing lists using Registry data. (experimental)
- MediaWiki Provisioning Plugin — The MediaWiki Provisioning Plugin provisions Registry data to a MediaWiki instance deployed with the OAuth extension. Since MediaWiki is not designed for group based authorization the plugin does not provision group information or memberships to MediaWiki. (experimental)
- MidPoint Provisioning Plugin — The MidPoint Provisioning Plugin provisions users to Evolveum midPoint using the midPoint REST API. (experimental)
- Salesforce Provisioning Plugin — The Salesforce Provisioning Plugin provisions Contacts to Salesforce via the Force.com REST API.
- SQL Provisioning Plugin — The SQL Provisioning Plugin provisions CO Person and CO Group records to a SQL database.
Vetting Plugins
Other/Experimental Plugins