Multi-client mode and nevisIDM SOAP interfaces
It is recommended to provide the client in SOAP operations. If there is only one client, nevisIDM will execute the operation on that client. However, in a setup with multiple clients, the operation will fail without the client's name or external ID.
The client name (clientName) or the external ID (clientExtId) is specified in the abstractRequest object of the SOAP request. For more information, see: Message types.
There are some other aspects to be considered when having multiple clients in nevisIDM:
- Client context required: Almost any operation in nevisIDM will be executed within the context of a single client. If the client context is not given, nevisIDM will not be able to execute the operation.
- Client-specific or shared among clients: Be aware that some entities, configurations, or restrictions are client-specific and some affect several or all clients. An overview is given in the chapter Multi-client setups and the data model. In brief: All configuration parameters in the nevisIDM configuration files are global (see the chapter: nevisidm-prod.properties), while the parameters in a client's client policy are client-specific (see the chapter: Client policy).
- nevisIDM authorization: As mentioned in the chapter Data room authorization, having multiple clients enables the third authorization dimension in nevisIDM - the client data room. Plan carefully which users will be authorized for more than one client. In general, the number of users with such vast authorization should be limited. Also be aware that certain nevisIDM roles are configured by default with client-global authorizations.
Client-independent search
Certain SOAP query operations support client-independent search. If you want to search in all clients, you have to set the clientIndependent attribute to "true" in the SOAP request (on the abstractRequest object).
- If the clientIndependent attribute is "true", the result will contain entities from all clients. As the system will ignore the client's name and external ID in the search, do not set them in the SOAP request.
- If the clientIndependent attribute is not set or set to "false", the client determination works as described above.
Note that even if the SOAP request is client-independent and clientIndependent=true, the data room restrictions still apply: The result will only contain entities from clients and units for which the principal user is authorized.
Currently, only the operation queryUsers supports client-independent search.
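The client-scoping rules above can be checked before a request is sent. The following is an added example, not nevisIDM code or part of the original documentation: a Python pre-flight check run over constructed SOAP bodies. The element name request, the namespace urn:example:constructed, the operation someOtherQuery and the finding labels are assumptions; the three fields are matched by local name as either attribute or child element, because the exact schema layout is not shown on this page.

```python
import xml.etree.ElementTree as ET

FIELDS = ("clientName", "clientExtId", "clientIndependent")
CLIENT_INDEPENDENT_OPS = {"queryUsers"}  # the only operation the page lists

def _local(name):
    """Strip an '{namespace}' prefix from a tag or attribute name."""
    return name.rsplit("}", 1)[-1]

def _scope_fields(op):
    """Collect the client fields, whether sent as attributes or child elements."""
    found = {}
    for el in op.iter():
        for name, value in el.attrib.items():
            if _local(name) in FIELDS:
                found[_local(name)] = value.strip()
        if _local(el.tag) in FIELDS and (el.text or "").strip():
            found[_local(el.tag)] = el.text.strip()
    return found

def check_client_scope(soap_xml, multi_client=True):
    """Return (operation, findings) for a request you generated yourself."""
    root = ET.fromstring(soap_xml)
    body = next(el for el in root.iter() if _local(el.tag) == "Body")
    op = next(iter(body))  # assumption: first child of Body is the operation
    fields = _scope_fields(op)
    has_client = bool(fields.get("clientName") or fields.get("clientExtId"))
    findings = []
    if fields.get("clientIndependent", "false").lower() == "true":
        if _local(op.tag) not in CLIENT_INDEPENDENT_OPS:
            findings.append("client-independent-unsupported")
        if has_client:
            findings.append("client-ignored")  # name/extId have no effect here
    elif multi_client and not has_client:
        findings.append("client-missing")  # fails in a multi-client setup
    return _local(op.tag), findings

# Constructed sample requests (not captured traffic).
ENV = ('<e:Envelope xmlns:e="http://schemas.xmlsoap.org/soap/envelope/" '
       'xmlns:x="urn:example:constructed"><e:Body>{}</e:Body></e:Envelope>')
SAMPLES = {
    "scoped": ENV.format('<x:queryUsers><x:request clientName="ClientA"/></x:queryUsers>'),
    "unscoped": ENV.format('<x:queryUsers><x:request/></x:queryUsers>'),
    "mixed": ENV.format('<x:queryUsers><x:request clientIndependent="true">'
                        '<x:clientExtId>100</x:clientExtId></x:request></x:queryUsers>'),
    "unsupported": ENV.format('<x:someOtherQuery><x:request clientIndependent="true"/>'
                              '</x:someOtherQuery>'),
}

if __name__ == "__main__":
    for label, xml in SAMPLES.items():
        print(label, check_client_scope(xml))
```

The client-ignored finding is the one to review most carefully: the caller may believe the search is limited to the named client, while the result spans every client the principal user is authorized for.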