In midPoint, common configuration values can be defined as constants in a central location so they can be used by resource configurations elsewhere. This post describes how Oregon State University is using global constants in our resource configurations, and how this allows us to keep privileged credential values in one location instead of scattered across multiple config files.

Define Constant Values In config.xml

First, identify the values that you want to make available as global constants. In this example, we'll make some constants for configuration values used by the Google Apps connector.

  • Google Domain
  • Client ID
  • Client Secret
  • Refresh Token

Open $MIDPOINT_HOME/var/config.xml in an editor. Add a <constants></constants> node under <midpoint>, then add individual items for each constant value as follows:

<constants>
    <resourceGTESTdomain>your.googledomain.edu</resourceGTESTdomain>
...
</constants>

Here's a sample configuration that defines all four Google Apps values, plus a couple of others:

<configuration>
    <midpoint>
        <webApplication>
            <importFolder>${midpoint.home}/import</importFolder>
        </webApplication>
        <repository>
            <repositoryServiceFactoryClass>com.evolveum.midpoint.repo.sql.SqlRepositoryFactory</repositoryServiceFactoryClass>
            <database>mariadb</database>
            <jdbcUsername>redacted</jdbcUsername>
            <jdbcPassword>redacted</jdbcPassword>
            <jdbcUrl>jdbc:mariadb://localhost:3306/redacted?characterEncoding=utf8</jdbcUrl>
        </repository>
        <constants>
            <resourceGTESTdomain>your.googledomain.edu</resourceGTESTdomain>
            <resourceGTESTclientid>changeme</resourceGTESTclientid>
            <resourceGTESTclientsecret>changeme</resourceGTESTclientsecret>
            <resourceGTESTrefreshtoken>changeme</resourceGTESTrefreshtoken>
            <resourceFOOBARhost>foobar.someplace.edu</resourceFOOBARhost>
            <resourceFOOBARport>8080</resourceFOOBARport>
        </constants>
...

Each constant must have a unique name. We follow the naming convention of resourceRESOURCENAMEparametername. In our example, the Google Apps resource is called GTEST so our Google Apps-related constants all begin with "resourceGTEST". You can follow whatever convention fits your organization's structure.

IMPORTANT! midPoint must be restarted to apply changes to config.xml.

Using Constant Values In Resource Configurations

To use a constant value defined in config.xml in a resource configuration, follow this form:

<expression><const>CONSTANT_VALUE_NAME</const></expression>

Here's a sample resource configuration for Google Apps that uses the constant values defined in the previous section.

<configurationProperties xmlns:gen379="http://midpoint.evolveum.com/xml/ns/public/connector/icf-1/bundle/com.evolveum.polygon.connector-googleapps/com.evolveum.polygon.connector.googleapps.GoogleAppsConnector">
    <domain><expression><const>resourceGTESTdomain</const></expression></domain>
    <clientId><expression><const>resourceGTESTclientid</const></expression></clientId>
    <clientSecret><expression><const>resourceGTESTclientsecret</const></expression></clientSecret>
    <refreshToken><expression><const>resourceGTESTrefreshtoken</const></expression></refreshToken>
</configurationProperties>

After modifying the resource configuration to use the constant values, you can test the change by viewing the resource in the midPoint UI and clicking the Test Connection button.
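
A pre-deployment check for the setup described above, as an added example that is not part of the original post or of midPoint: it confirms that every <const> reference in a resource resolves to a name defined in config.xml, and flags secret properties that still carry a literal value. The function names, the SENSITIVE set, the exact-match name comparison and the inline sample documents are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Assumption: property names to treat as secrets (from the Google Apps sample).
SENSITIVE = {"clientSecret", "refreshToken"}

def local(tag):
    """Drop an XML namespace: '{ns}name' -> 'name'."""
    return tag.rsplit("}", 1)[-1]

def defined_constants(config_xml):
    """Names declared under <constants> in config.xml."""
    for el in ET.fromstring(config_xml).iter():
        if local(el.tag) == "constants":
            return {local(child.tag) for child in el}
    return set()

def audit_resource(resource_xml, constants):
    """Return (undefined <const> references, secret properties holding a literal)."""
    undefined, literals = [], []
    for el in ET.fromstring(resource_xml).iter():
        name = local(el.tag)
        if name == "const":
            ref = (el.text or "").strip()
            if ref not in constants:
                undefined.append(ref)
        elif name in SENSITIVE:
            uses_const = any(local(d.tag) == "const" for d in el.iter())
            if not uses_const and (el.text or "").strip():
                literals.append(name)
    return undefined, literals

# Constructed sample input: refresh token constant missing from config.xml,
# client secret pasted into the resource as a literal.
CONFIG = """<configuration><midpoint><constants>
  <resourceGTESTdomain>your.googledomain.edu</resourceGTESTdomain>
  <resourceGTESTclientid>changeme</resourceGTESTclientid>
</constants></midpoint></configuration>"""

RESOURCE = """<configurationProperties>
  <domain><expression><const>resourceGTESTdomain</const></expression></domain>
  <clientId><expression><const>resourceGTESTclientid</const></expression></clientId>
  <clientSecret>constructed-literal-secret</clientSecret>
  <refreshToken><expression><const>resourceGTESTrefreshtoken</const></expression></refreshToken>
</configurationProperties>"""

if __name__ == "__main__":
    undefined, literals = audit_resource(RESOURCE, defined_constants(CONFIG))
    print("undefined constants:", undefined)
    print("literal secrets:", literals)
```

Run against exported resource files before restarting midPoint, an undefined reference or a leftover literal shows up here rather than as a failed Test Connection.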

Stacy Brock, Oregon State University