This interface connects to an external system over a REST or SOAP connection to fetch the Restricted Member IDs (External Client IDs) for the logged-in user. The Restricted Member IDs received from the external system are then written to the FO.T_FORA_RESTRICTED_ACCESS table in ALIP. The ALIP core implementation uses this table to restrict the user's access to the entities associated with the Restricted Members.
As part of the Restricted Member IDs update, ALIP SSO login sends an ALIP request to the interface once all existing SSO validations (e.g. UserID expired, Account Lockout) have passed. The interface then converts the request to ACORD format and calls the external system. The ACORD response from the external system is converted into ALIP format and saved to ALIP tables by calling core APIs.
The current trigger point for this interface is SSO login.
The interface will not restrict SSO login even if the interface call or the ALIP core table update fails.

| TR ID# | Technical Requirements |
| --- | --- |
| TR1 | ACORDv2.36 is used to communicate with the external system. |
| TR2 | ACORD Tx 203 “Holding Inquiry transaction to=203” is used to obtain the Restricted Member IDs. |
| TR3 | Configure ALIP SSO to invoke the interface which will call the external system to obtain Restricted Member IDs. |
| TR4 | If the interface is able to sync the Restricted Member IDs, the ALIP interface will return a Success Response and the user will be able to log in. |
| TR5 | If there is any error while obtaining Restricted Member IDs from the external system, the interface returns an error response and the user will still be able to log in. |

| BR ID# | Business Requirements |
| --- | --- |
| BR1 | Trigger point for this interface is SSO login |
| BR2 | This interface expects the complete list of restricted member IDs (external client IDs) for a given user ID from the external system. |
| BR3 | If the external service call returns restricted member IDs and the interface is able to save them successfully in ALIP, the integration history records a successful outbound integration. |
| BR4 | If a failure occurs while obtaining or saving the restricted member IDs within ALIP for one of the reasons below, an Integration History failure record is logged: ALIP is unable to reach the external system; an XSD failure occurred while this interface validates the incoming response; ALIP is unable to sync the restricted member IDs. |
| BR5 | This interface will be triggered only if SSO login is successful. If the user login is restricted by SSO validations, interface will not be triggered. |
This interface will result in syncing of the Restricted Member IDs (External Client IDs) in ALIP core table FO.T_FORA_RESTRICTED_ACCESS.
A mock service is used to generate Restricted Member IDs for testing; it can later be replaced with a client-specific service. The client service should follow the same request/response structure as the mock to use the interface out of the box.
The interface will not prevent the user from logging in to ALIP if the table sync is incomplete, whether due to an external system connection failure or a base API failure; however, Integration History will show a failure with the error. An error will also be logged in the ALIP Appserver logs.
This interface is triggered on SSO login based on a configurable property.
As part of the user login process, the entire restricted clients list is deleted and then added again to the ALIP core table, so the external system should always send the complete list of restricted External IDs.
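The delete-and-reload behaviour described above, combined with the rule that a failed sync never blocks login, modelled as an added example (not ALIP code). It assumes the delete and insert run in one transaction, and uses hypothetical USER_ID/MEMBER_ID columns, an in-memory SQLite table and constructed IDs.

```python
import sqlite3

def sync_restricted_ids(db, user_id, fetch_ids, history):
    """Replace the user's restricted-member rows at login; never block the login."""
    try:
        ids = fetch_ids(user_id)  # call to the external system; may raise
        with db:  # assumed: delete + insert commit together or roll back together
            db.execute("DELETE FROM T_FORA_RESTRICTED_ACCESS WHERE USER_ID = ?",
                       (user_id,))
            db.executemany(
                "INSERT INTO T_FORA_RESTRICTED_ACCESS (USER_ID, MEMBER_ID) VALUES (?, ?)",
                [(user_id, member_id) for member_id in ids])
        history.append((user_id, 1, "Success"))
    except Exception as exc:  # unreachable system, invalid response, save failure
        history.append((user_id, 100, f"Internal Error: {exc}"))
    return True  # login is allowed in both cases

def restricted_ids(db, user_id):
    rows = db.execute("SELECT MEMBER_ID FROM T_FORA_RESTRICTED_ACCESS "
                      "WHERE USER_ID = ? ORDER BY MEMBER_ID", (user_id,))
    return [row[0] for row in rows]

def unreachable(user_id):
    raise ConnectionError("external system unreachable")

def demo():
    db = sqlite3.connect(":memory:")
    # Hypothetical columns; the real table layout is not shown on this page.
    db.execute("CREATE TABLE T_FORA_RESTRICTED_ACCESS ("
               "USER_ID TEXT NOT NULL, MEMBER_ID TEXT NOT NULL, "
               "PRIMARY KEY (USER_ID, MEMBER_ID))")
    history, seen = [], {}
    # Constructed logins for one user, in order.
    logins = [("full_list", lambda u: ["C100", "C200"]),
              ("outage", unreachable),
              ("save_failure", lambda u: ["C300", "C300"]),  # duplicate breaks the insert
              ("partial_list", lambda u: ["C100"])]
    for name, fetch in logins:
        assert sync_restricted_ids(db, "jdoe", fetch, history)
        seen[name] = restricted_ids(db, "jdoe")
    return seen, [code for _, code, _ in history]

if __name__ == "__main__":
    print(demo())
```

After an outage or a failed save the table still holds the list from the previous successful login, so access decisions run on stale data until the next good sync. A partial list from the external system silently drops the restriction on C200, which is why the complete list must be sent every time.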
SSO setup is required in the client environment to trigger this interface.
To enable this interface for SSO login, set the property below to ‘Yes’ in integration.properties. By default it is set to No.
CallUpdateRestrictedCustomerIDsIntegration=Yes
Connectivity details to the external systems are highlighted below.
The connection type (REST or SOAP) is configurable for the Accenture Dev team and is a one-time setting. Allowed values are REST and SOAP. The connection type is set as below:
UpdateRestrictedMemberID.ExternalServiceType=REST
OR
UpdateRestrictedMemberID.ExternalServiceType=SOAP
To support a SOAP connection, the SOAP Action and URL of the external system are required. They are set in the property file as below, in the form IntegrationPoint.SOAP.{RequiredDetails}.
UpdateRestrictedMemberID.SOAP.Auth=None
UpdateRestrictedMemberID.SOAP.Url =http://vm-int1.navisys.com:8079/RestrictedMemberIDService
UpdateRestrictedMemberID.SOAP.Action=RestrictedMemberIDAction
The REST connection supports OAuth2 authentication; if it is not required it can be turned off. If it is required, token generation details must be provided as below.
Oauth2Token.AuthParams=dfsfdhhkkj:gygyuujjlkkj (ClientSecretID:Pwd)
Oauth2Token.Url=http://vm-int1.navisys.com:8084/token (Sample URL, needs to be replaced with client token generation URL)
Token generation currently supports only the application/json format.
The generated token can be cached for a certain duration as per the client’s requirement. The default property setting is 0 ms. This can be changed, for example to 7200ms.
tokenTimeToLive=0
The REST connection also supports Basic authentication; if it is not required it can be turned off. This interface is tested with Basic authentication.
UpdateRestrictedMemberID.REST.AuthType=Basic
#REST Service userName and password for BASIC AuthType
RESTUserName=RESTUser
#encrypted password
RESTPassword=iP3QCTiEWfQ=
The REST connection supports both XML and JSON content types with a POST request. REST connection details are required as below, in the form IntegrationPoint.REST.{RequiredDetails}.
UpdateRestrictedMemberID.REST.AuthReqd=Yes
UpdateRestrictedMemberID.REST.AuthType= Basic
UpdateRestrictedMemberID.REST.ContentType=XML or JSON
UpdateRestrictedMemberID.REST.Url= http://vm-int1.navisys.com:8074/v1/lifeco/employee-relationships/employee-associated-caps
UpdateRestrictedMemberID.REST.RequestType=POST or GET
If the connection to the external REST or SOAP service fails, the API will retry connecting to the service. This setting is also configurable as below. The default setting is 3 retries.
SOAPConfigurableRetryCount=3
SOAPConfigurableBackOffPeriod=0
RESTConfigurableRetryCount=3
RESTConfigurableBackOffPeriod=0
The API provides the ability to connect to the external system using a namespace. If a namespace is required to connect to the external system, the setting below is required. If this setting is provided, the API applies it to the external service request and removes it from the external service response, once received, before passing the response on for further processing.
UpdateRestrictedMemberID.Namespace=
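A pre-deployment check over the connection properties listed above, as an added example (not part of ALIP). It flags a non-HTTPS service or token URL and a connection with authentication turned off; the host names are placeholders, the sample files are constructed, and treating a missing SOAP.Auth or REST.AuthReqd as "off" is an assumption.

```python
from urllib.parse import urlparse

P = "UpdateRestrictedMemberID."

def parse_properties(text):
    """Minimal .properties reader: key=value lines, '#' comments, spaces around '='."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            props[key.strip()] = value.strip()
    return props

def audit(props):
    """Return (property, finding) pairs for settings that weaken the outbound call."""
    findings = []
    svc = props.get(P + "ExternalServiceType", "")
    if svc not in ("REST", "SOAP"):
        return [(P + "ExternalServiceType", "must be REST or SOAP")]
    url_key = f"{P}{svc}.Url"
    if urlparse(props.get(url_key, "")).scheme != "https":
        findings.append((url_key, "not https: IDs and credentials travel unencrypted"))
    # Assumption: a missing auth property means authentication is off.
    if svc == "SOAP" and props.get(P + "SOAP.Auth", "None") == "None":
        findings.append((P + "SOAP.Auth", "external service is called unauthenticated"))
    if svc == "REST" and props.get(P + "REST.AuthReqd", "No").lower() != "yes":
        findings.append((P + "REST.AuthReqd", "external service is called unauthenticated"))
    token_url = props.get("Oauth2Token.Url")
    if token_url and urlparse(token_url).scheme != "https":
        findings.append(("Oauth2Token.Url", "client secret sent to token endpoint unencrypted"))
    return findings

# Constructed sample files; host names and the password value are placeholders.
WEAK = """
UpdateRestrictedMemberID.ExternalServiceType=SOAP
UpdateRestrictedMemberID.SOAP.Auth=None
UpdateRestrictedMemberID.SOAP.Url =http://ext.example.invalid:8079/RestrictedMemberIDService
"""
HARDENED = """
UpdateRestrictedMemberID.ExternalServiceType=REST
UpdateRestrictedMemberID.REST.AuthReqd=Yes
UpdateRestrictedMemberID.REST.AuthType= Basic
#encrypted password
RESTPassword=<encrypted-value-placeholder>
UpdateRestrictedMemberID.REST.Url= https://ext.example.invalid/v1/restricted-ids
Oauth2Token.Url=https://ext.example.invalid/token
"""

if __name__ == "__main__":
    for name, text in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, audit(parse_properties(text)))
```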
Request/Response Data Elements

| Success | Success Scenario Description | Message Code | Message Description | Message Type | Additional Comments |
| --- | --- | --- | --- | --- | --- |
| #1 | Perform SSO login | 1 | Success | Informational | Restricted member ID should be updated in the ALIP core table. The integration history should record a successful outbound integration. User should be able to log in. |

| Error | Error Scenario Description | Message Code | Message Description | Message Type | Additional Comments |
| --- | --- | --- | --- | --- | --- |
| #1 | A failure occurs when obtaining or saving the Restricted Member ID within ALIP for one of the reasons below: ALIP is unable to reach the external system; an XSD failure occurred while this interface validates the incoming response; ALIP is unable to save the restricted member ID. | 100 | Internal Error | Fatal | Failure should be logged in Integration History with error description. No records should be updated/added in the ALIP core table. User should be able to log in. |