From a high-level point of view, the component architecture of Apache Syncope can be summarized by the following figure:

Apache Syncope Architecture
Apache Syncope is composed by two main subsystems: core and console.

The core

The web application that implements IdM features. It offers a RESTful interface for caller applications, implements the provisioning core by mean of its workflow engine and its propagation layer, and manages data persistence.

Apache Syncope core logic

This central component orchestrates the whole data flow throughout the system. Handles RESTful calls, processes data alongside the defined workflow and propagates to and synchronizes from configured external resources (if needed).

RESTful controllers

RESTful controllers take care of communication with outside world. Implemented by leveraging Spring's REST and MVC features, these controllers exchange data in both XML and JSON formats.

Workflow engine

The Workflow engine is a pluggable aspect of Apache Syncope: this lets every deployment choose among one of provided engine implementations or define new, custom ones.

The default implementation is based on Activiti BPM, the reference Open Source implementation that supports the definition of an XML descriptor in which the user lifecycle is defined. This aspect makes the whole system very flexible to adapt to different situations.
The default implementation also provides notification, approval, and end-user request management.

JPA persistence layer

All data in Apache Syncope (users, roles, attributes, resources, ...) is managed at a high level using a standard JPA 2.0 approach and persisted to an underlying database.

Apache OpenJPA, the chosen JPA implementation, allows Apache Syncope to be successfully deployable to most DBMSs without any modification of the source code; for more information, see these available options.
Currently, Apache Syncope officially supports MySQL, PostgreSQL, Oracle DB and MS SQL Server.

Connectors layer

The Connector layer is implemented with ConnId; ConnId is designed to separate the implementation of an application from the dependencies of the system that the application is attempting to connect to.

Connid is the continuation of Identity connectors, a project that used to be part of market leader Sun IdM and has since been released by Sun as an Open Source project. This makes the connectors layer particularly reliable since most connectors have already been implemented in the framework and widely tested. The new ConnId project provides all that is required nowadays for a modern Open Source project, including an Apache Maven driven build, artifacts and mailing lists. Additional connectors – such as for SOAP, CSV and Active Directory – are also provided.

Apache Syncope supports either

  • propagation towards external resources (when user data is copied from Syncope to external resources)
  • synchronization from external resources (when user data is pulled from external resources into Syncope)
Propagation and synchronization operations – a.k.a tasks – are saved for reporting and later re-execution.

The console

The web management interface for configuring and administering Syncope core, implemented with Apache Wicket

As with other external applications, the console communicates with the core using REST calls.