From a high-level point of view, the component architecture of Apache Syncope can be summarized by the following figure:
The web application that implements IdM features. It offers a RESTful interface for caller applications, implements the provisioning core by mean of its workflow engine and its propagation layer, and manages data persistence.
This central component orchestrates the whole data flow throughout the system. Handles RESTful calls, processes data alongside the defined workflow and propagates to and synchronizes from configured external resources (if needed).
RESTful controllers take care of communication with outside world. Implemented by leveraging Spring's REST and MVC features, these controllers exchange data in both XML and JSON formats.
The Workflow engine is a pluggable aspect of Apache Syncope: this lets every deployment choose among one of provided engine implementations or define new, custom ones.
The default implementation is based on
Activiti BPM, the reference Open Source implementation
that supports the definition of an XML descriptor in which the user lifecycle is defined.
This aspect makes the whole system very flexible to adapt to different situations.
The default implementation also provides notification, approval, and end-user request management.
All data in Apache Syncope (users, roles, attributes, resources, ...) is managed at a high level using a standard JPA 2.0 approach and persisted to an underlying database.
Apache OpenJPA, the chosen JPA implementation, allows Apache Syncope
to be successfully deployable to most DBMSs without any modification of the source code; for more information,
Currently, Apache Syncope officially supports MySQL, PostgreSQL, Oracle DB and MS SQL Server.
The Connector layer is implemented with ConnId; ConnId is designed to separate the implementation of an application from the dependencies of the system that the application is attempting to connect to.
Connid is the continuation of Identity connectors, a project that used to be part of market leader Sun IdM and has since been released by Sun as an Open Source project. This makes the connectors layer particularly reliable since most connectors have already been implemented in the framework and widely tested. The new ConnId project provides all that is required nowadays for a modern Open Source project, including an Apache Maven driven build, artifacts and mailing lists. Additional connectors – such as for SOAP, CSV and Active Directory – are also provided.
Apache Syncope supports either
The web management interface for configuring and administering Syncope core, implemented with Apache Wicket
As with other external applications, the console communicates with the core using REST calls.