Requirements For MidPoint Engineers

Last modified 24 Sep 2020 17:16 +02:00

MidPoint is a comprehensive and flexible identity management and governance platform. It is a substantial product, built from many components that are compiled from more than a million lines of source code. MidPoint gives you enormous powers of customization, flexibility, adaptability and efficiency. However, such powers come at a cost, and that cost is your knowledge.

There is a wealth of knowledge that you need to use midPoint efficiently. This document lists the things that you will need to start working with midPoint professionally.

Engineering Concepts

MidPoint engineer has to understand basic engineering concepts of information and communication technologies, such as:

  • Basic understanding of networking (Internet) principles and technologies.

  • Understanding of WWW principles and technologies on a level sufficient to troubleshoot web application issues.

  • Understanding of information security practices.

An engineer also needs to understand basic concepts of project organization and environment:

  • Understanding of engineering project methodologies. For example understanding of principles of incremental and iterative projects, concept of milestones, and so on.

  • Distinguishing between project and product issues. Understanding that product is an universal solution designed to solve many problems and that it is not specifically designed for your particular project. The principle of product customization to fulfil the needs of a project.

Identity Management and Governance

You are going to work on identity management and governance project. Therefore we assume you have appropriate identity management and governance skills. Ideally, you should have finished several IDM projects in the past. If you are just starting, make sure there is an experienced tech leader or architect that guides the project. Or at least secure an external consultant to supplement the lack of experience.

Identity management projects have many unique characteristics. It is almost impossible to deliver a successful project without prior experience.

Experience from identity management projects that involved competing technologies are certainly a benefit. Many of the practices of identity management projects are the same, regardless of the specific technology. However, midPoint is unique in many aspects, and many things are configured in a slightly unusual way in midPoint. Therefore make sure you have a deep understanding of midPoint principles before starting a project.

MidPoint is designed to work well with iterating and incremental projects. Make sure you consider midPoint strengths and limitations when planning the project. Unless you are starting with utterly trivial project, we always recommend to conduct a proof of concept (PoC) activities before committing yourself to any project plan.

As identity management is all about personal data, understanding of personal data protection principles is more than recommended.

MidPoint

MidPoint is very likely to be a central component of your project. Therefore, make sure you have appropriate knowledge about midPoint principles, features, configuration procedures and limitations. The depth of knowledge that you will need depends on the complexity of your project. However, there is a baseline knowledge that is needed for every project. We will assume that your midPoint knowledge is at least equivalent to the scope of MidPoint Deployment Fundamentals training.

Also make sure you check out MidPoint book, it is freely-available on-line.

You can make a self-assessment of your knowledge by trying out midPoint exercises. To pass the very minimum requirements for simple projects, you should be able to complete all the exercises marked as MID-101, complete them quickly, efficiently and without any major issues. Just keep in mind, that this is the very minimal requirement. If you are about to engage in any complex project, you will need much deeper knowledge about midPoint.

As midPoint is built for iterative projects and long-term maintenance, you are expected to be familiar with MidPoint upgrade procedure. The procedure may be slightly different for each release and it is outlined in release notes.

Open Source Principles and Procedures

MidPoint is free and open source (FOSS) software. Which means that midPoint is distributed under the terms of a liberal open source license. However, open source is not just about the licensing, open source is an entire technological movement. As you have chosen midPoint, you are probably aware of that. However, it is worth checking that you are aware of all the necessary details:

  • Open source licenses. Make sure you are aware of the liberties and limitations that apply to all the source code components that you use. Make sure you are also aware of licensing of the documentation that you use. Our Copyright and Licensing Guidelines provide a human readable explanation of licensing for our software and documentation.

  • Open source software development and distribution principles. Open source software is developed in public, it is open to participation, the development is organized in cycles, cycles are concluded by release of new version. Released binaries are available for download. However, the software can be tested even during the development cycle by building the development versions. Open source communities usually welcome participation of testers before the software is released.

  • Communication channels of open source communities. The usual means of community communication are mailing lists. However, there are additional "technological" communication channels, such as comments in source code commits, issue tracker communication, comments on pull requests and so on.

  • Open source community etiquette. Learn to communicate efficiently and politely in the community. Be polite. Do your research before asking a question. Provide sufficient context. Give back. Those are the usual rules. For a detailed explanation, see midPoint community guidelines.

None of this is midPoint-specific, it applies to almost all the open source projects. If you have been part of any open source community, you will most likely find yourself well at home in midPoint community.

MidPoint itself contains other open source components, for example scripting languages such as Groovy or JavaScript. You may need to engage open source communities of these components during your work with midPoint. Therefore it is a good idea to familiarize yourself with the principles of the entire open source ecosystem.

Use of Software Tool Chain

MidPoint engineer needs to be familiar with basic tools. MidPoint is using a tool set that is very common in the open source world:

  • Apache Maven is used as build system of midPoint. Maven is used to build midPoint source code and assemble binary distribution. Maven is also a distribution system. The binaries are published to maven repositories. We are not using the common Maven central repository for our binaries. We have our own Maven repository at nexus.evolveum.com. This repository is publicly accessible.

  • Git is used for version control of midPoint source code, source code of all our components, but also for samples and other data. Basic knowledge of Git is essential for efficient life in the open source world.

  • Appropriate operating system (Linux, Windows) knowledge is assumed. Vast majority of midPoint instances is deployed on Linux, and midPoint itself is using many principles of UNIX/Linux design. Therefore good knowledge of Linux environment is a huge advantage. At a very minimum, knowledge of basic operating system scripting (bat, bash) is needed. Additionally, although it is not strictly necessary, skills in a rich scripting language (Python, Ruby, Perl) is a huge advantage for all projects.

  • You will need to know at least one scripting language used for customization (Groovy, JS, Python). The depth of the required knowledge heavily depends on the complexity of the customizations that you plan to perform.

  • Knowledge of XML, JSON or YAML is absolutely essential for anything that goes beyond the very basic midPoint operation.

  • Generic relational database knowledge is assumed. MidPoint can run on several database engines. It is expected that you will have sufficient knowledge to operate the database engine of your choice.

  • You should be familiar with Java platform concepts. You should have basic understanding of how JVM works, what are JAR/WAR files and so on. You are not expected to be a Java developer, although even a basic software development experience is very helpful.

  • Depending on the nature of your deployment, you may need to familiarize yourself with virtualization and containerization tools (Docker), clustering mechanisms, load balancing mechanisms, firewalling techniques and so on.

Software Development Principles

Although it is not necessary for a midPoint engineer to be a software developer, there are some software development principles that an engineer has to understand:

  • What is source code, how it is used in software development.

  • How source code repositories work, where to find source code if you need it. MidPoint is using Github as its primary source code repository.

  • Understanding of source code version control and versioning principles (e.g. semantic versioning). Basic use of git. Make sure you understand difference between minor, major and maintenance releases and the consequences for compatibility. See also the details of midPoint versioning and release process.

  • Basic procedure how to build a source code. Although you will probably not write any code yourself, building source code may be needed for advanced customization. You may also want to build the source code to test fixes and improvements that were not released yet. At least a basic understanding of the process is a benefit for all engineers.

  • How to install and use binaries from midPoint distribution (or those built from sources).

It is not expected that you have any coding experience, although having at least basic understanding of the principles is a huge benefit. However, it is expected that you can learn basic scripting in a scripting language of your choice (Groovy, JavaScript, Python).

Troubleshooting Practices

For deployment and support engineers, troubleshooting skills are the most essential of the essentials. MidPoint is a very flexible system, it can be adapted to your need in millions of ways. But that also means that there are millions of things that can go wrong. You will not be able to overcome the first obstacle without good troubleshooting skills.

As you are deployment and/or support engineer, we assume that you have excellent troubleshooting skills already. However, the skills also need to be supported by knowledge about midPoint and its internal workings. There are two great resources to arm you with essential knowledge:

  • Troubleshooting chapter in midPoint book. Make sure you read through this chapter (and the entire book as well) before your first deployment.

  • Troubleshooting section in midPoint wiki. There are many useful information and tips here. This is a great resource for later reference. You should come back here when you run into problems during your project.

MidPoint is a real-world software. No software is ever perfect, there are bugs, problems and defects of all kinds. Chances are that you encounter a bug in midPoint during your project, especially if you are trying to configure something that was not often tried before. If you happen to encounter a problem, it is important to know.

The most important skill is to correctly identify a problem. Is it a bug, is it a missing feature, or is it misconfiguration?

  • If midPoint has particular functionality, but it does not work then it is a bug. For example:

    • There is a button to assign a role, but click on that button results in a crash.

    • There is a documented feature in midPoint documentation, but the behavior differs from the documentation.

    • There is a feature that works for thousands of other cases, but it fails in one particular case.

    • As a rule of the thumb, if you see developer errors such as "Internal server error" or "Null pointer exception" then you have probably encountered a bug.

  • If midPoint does not have the functionality that you need, then it is a missing feature. For example:

    • There is no button to assign a role.

    • There is a documented feature, but you would like the feature to behave differently than it is documented.

    • There is a feature that does not work for you, but that feature is marked as experimental or incomplete.

    • There is a feature that does not work for any of your cases and there is nothing to suggest that it should (except your own wishes).

    • As a rule of the thumb, if you are looking for some functionality and cannot find it, it is probably a missing feature.

  • If midPoint behavior is based on your configuration and it does not work well, it is probably misconfiguration. It is quite hard to exactly specify what misconfiguration is. However, due to midPoint flexibility, most issues that you are likely to encounter are misconfigurations. For example:

    • You do not see the roles in the user interface, because you did not set up proper authorizations to allow access.

    • MidPoint data mapping does not work, because you have made a mistake in mapping expression Groovy script.

    • LDAP connector cannot create an account, because LDAP server hostname cannot be resolved.

    • As a rule of the thumb, if you get any meaningful error that you can understand, or if the system does a different thing that you want it to, it is probably a misconfiguration.

It is essential you try to classify the problem to the best of your abilities. Handling of the problem heavily depends on whether it is a bug, missing feature or misconfiguration:

  • Misconfiguration is your own problem. You are an engineer, you are expected to handle this. Make sure you follow appropriate troubleshooting practices (remember book and wiki). If you find dealing with the misconfiguration too difficult for you, then you can engage consulting services to assist you.

  • Bug is a problem of midPoint development team. If you have purchased support subscription, we will fix any bugs that you encounter. Please create a bug report. However, this is software development and you should set your expectations right. It is not possible to fix all the bugs immediately after they are reported. There is also a development and release cycle to consider. Please see support guidelines for the details.

  • Missing feature is something to be discussed. Feature requests will be handled depending on the type of your subscription. The very basic support subscription does not include development of new feautures. As our development roadmap is almost always full, it is very unlikely that your feature request can be prioritized. However, purchasing a premium subscription makes the situation completely different. The best strategy would be to contact Evolveum sales and discuss the details.

Whether you are handling a bug, it is important to communicate in the right way when engaging midPoint team. If you have purchased support subscription, then you are entitled to level 3 (L3) support service from Evolveum. As the name suggests, we will be expecting that the issue has already passed through level 1 (L1) and level 2 (L2) support levels, therefore the issues is properly diagnosed. Evolveum developers will expect that they are talking to an experienced engineer on your side.

You should make sure your bug reports is professional and complete. There is a bug reporting guide to check that you have included everything in the report.

Evolveum Development And Support Procedures

Being an engineer is not all about technology. There are also some business aspects and procedures that need to be accounted for. As you are going to engage Evolveum services in your project, it is expected that you understand basic principles that govern the services. You are expected to understand:

  • MidPoint development and support cycle.

    • Mid-term midPoint development plan is documented in midPoint Roadmap. The roadmap is just a plan. It can change at any time and there are no guarantees unless such guarantees are explicit part of your subscription program.

    • There are usually two midPoint releases per year. There are release notes documenting specific characteristics of each release. Make sure you read release notes carefully before using any specific midPoint release (especially for upgrades).

    • There are long-term support (LTS) releases and feature releases. They have very different support lifetime. See Long-Term Support page for the details.

    • Development cycle is divided into several milestones. This governs the bugfixing cycles. Bugs are fixed according to their priorities. Please see support guidelines for the details.

Make sure you are familiar with the layering of support services (L1/L2/L3/L4) and you know the difference between individual levels. We are using the following support layering scheme:

Level Name Description Example problems Responsible

L1

End user support (help desk)

Dealing with the usual problems of end users. It is usually driven by procedures and basic manuals. Very little requirement for product or configuration expertise.

I cannot access the server.
I cannot log in.
I do not know how to request a role.

Customer, sometimes partner

L2

Solution support (configuration)

Dealing with misconfigurations of IDM solution or the environment around it. Fixing the problems in configuration or network environment. Driven by engineering troubleshooting practices. Deep knowledge of configuration and the environment is required. Product knowledge is required, but knowledge of product implementation (source code) is usually not required.

User foo was not synchronized properly.
Mapping bar in resource Baz fails.
Definition of role Foobar is wrong.
Resource Baz does not work due to network timeouts.

Partner, sometimes customer

L3

Product support (product bugfixing)

Dealing with product defects (bugs). Fixing the defects in product source code. Driven by software development and testing practices. Deep knowledge of the product (source code) is required.

Clicking on button Assign button in user details page results in internal server error.
Reconciliation task stops with Null pointer exception.
Organizational structure authorizations do not work as documented.

Vendor (Evolveum)

L4

Product development (product features).

Dealing with missing features. Implementing new features or improvements to the product. Driven by software design and development practices. Deep knowledge of product architecture, design and implementation is required.

I would like to re-order columns in user list by dragging and dropping the columns.
I would like to have an option to efficiently display big flat organizational structures, such as project structure.
I would like to see role mining capability in midPoint.

Vendor (Evolveum)

When it comes to Evolveum services, L3 and L4 are the most important:

  • Evolveum provides level 3 (L3) product support, which means bugfixing in midPoint product. Improvements and feature development is not part of this support program. The support programs usually do not include consulting services, which means Evolveum will not deal with configuration issues.

  • Some premium subscription programs include level 4 (L4) product support, which includes improvements and feature development. However, this needs to be done a controlled fashion and the details may vary between individual programs. Your Evolveum representative will gladly provide all the details about our premium services.

When in doubt, please consult Evolveum representative. Evolveum provides learning sessions to the partners that covers the basic information about Evolveum services.

Miscellaneous

There are few more bits of useful information:

Conclusion

Identity management and governance is not a simple topic and there is a lot that a successful midPoint engineer needs to know. We try to help the learning with our trainings and book.

This document is a list of minimal requirements for midPoint engineer. It is a part of engineering profession to continually improve our knowledge and skill. MidPoint is a living software that improves with every release. Therefore, it is expected that your knowledge, understanding and skill will improve as well.