README revision 38bff5ed1db0351d438473a25ee9b674282dbc10
In the usecase folder there is a set of files which together tell a user story based on some common examples.
After building the openidm-zip project these files are copied and organized in an appropriate folder structure;
each usecase folder contains the files that are needed for that use case sample.

All the samples assume a certain initial setup of managed users in OpenIDM.
The users are organized in the following way:
- there are 20 ordinary users: user.0 ... user.19 where
    - user.0 .. user.4 belong to Human Resources having user.0 as Manager,
      user.0 .. user.3 employees and user.4 contractor
    - user.5 .. user.9 belong to Production Planning having user.5 as Manager,
      user.5 .. user.8 employees and user.9 contractor
    - user.10 .. user.14 belong to Sales & Distribution having user.10 as Manager,
      user.10 .. user.13 employees and user.14 contractor
    - user.15 .. user.19 belong to Treasury & Payments having user.15 as Manager,
      user.15 .. user.18 employees and user.19 contractor
Furthermore we have the following special users:
- hradmin: user representing the human interaction of the HR department
- systemadmin: user representing the human interaction of the populated systems (“Business” and “Project”)
- superadmin: user representing the manager of the managers
List of use cases

Usecase 1 - Initial reconciliation
    In this step we import the users from OpenDJ to OpenIDM using reconciliation.

    To prepare to run the sample, download OpenDJ directory server from
    http://forgerock.org/opendj.html. Install OpenDJ using QuickSetup:
        * Use "password" as the password for cn=Directory Manager.
        * Import samples/usecase/data/hr_data.ldif during installation.

    1. Start OpenIDM with the configuration for usecase1.
    2. Run reconciliation.
        $ curl -k -u openidm-admin:openidm-admin -H "Content-Type: application/json" -X POST "https://localhost:8443/openidm/recon?_action=recon&mapping=systemHRAccounts_managedUser"
    3. Query the managed users created by reconciliation.
        $ curl -k -u openidm-admin:openidm-admin "https://localhost:8443/openidm/managed/user?_queryId=query-all-ids"
       There should be 23 users created. The default password of the imported users is "Passw0rd".
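The check in step 3, as an added shell example that is not part of the OpenIDM samples: it repeats the query with the server certificate verified in place of -k and confirms that the response lists 23 managed users. The file name openidm-cert.pem, the IDM_* and CA_FILE variables, the assumption that the response carries one "_id" member per user, and the assumption that the server certificate is issued for localhost all belong to this example, not to the README.

```shell
#!/bin/sh
# Added example; not part of the OpenIDM samples.
# Assumed: one "_id" member per managed user in the query response, and a
# server certificate issued for "localhost".
IDM_URL="${IDM_URL:-https://localhost:8443/openidm}"
CA_FILE="${CA_FILE:-./openidm-cert.pem}"   # hypothetical local file name
EXPECTED_USERS=23                          # 20 ordinary + 3 special users

# Save the certificate the server presents so that curl can verify it.
# Check its fingerprint against the OpenIDM keystore before relying on it.
fetch_cert() {
    openssl s_client -connect localhost:8443 </dev/null 2>/dev/null |
        openssl x509 -outform PEM >"$CA_FILE"
}

# Step 3 query with the certificate verified against CA_FILE instead of -k.
query_all_ids() {
    curl --silent --fail --cacert "$CA_FILE" \
        -u "${IDM_USER:-openidm-admin}:${IDM_PASSWORD:-openidm-admin}" \
        "$IDM_URL/managed/user?_queryId=query-all-ids"
}

# Count the "_id" members in a JSON response read from stdin.
count_ids() {
    grep -o '"_id"[[:space:]]*:' | wc -l | tr -d ' '
}

# Succeed only if the response on stdin lists exactly EXPECTED_USERS users.
check_recon_result() {
    [ "$(count_ids)" -eq "$EXPECTED_USERS" ]
}

# Contact a live server only when the script is called with the argument "run".
if [ "${1:-}" = "run" ]; then
    fetch_cert && query_all_ids | check_recon_result &&
        echo "reconciliation created $EXPECTED_USERS managed users"
fi
```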
Usecase 2 - New user onboarding
    In this step we simulate an HR employee starting the onboarding process for an employee
    and the approval step of the manager.

    If we want to use email notifications as part of the process, make the following changes:
    - The external email service of OpenIDM has to be configured using the following file:
        samples/usecase/usecase2/conf/external.email.json
      Update the SMTP settings in this file before starting the workflow.
    - Change the notification email properties in the workflow definition file:
        samples/usecase/usecase2/workflow/newUserCreate.bpmn20.xml

        emailParams = [_from : 'usecasetest@forgerock.com', _to : 'notification@example.com',
            _subject : 'Use Case Test Notification', _type : 'text/plain',
            _body : 'The requested user ' + userName + ' was successfully created']

      Change the _from and _to fields to contain valid email addresses.

    1. Start OpenIDM with the configuration for usecase2.
    2. Log in to the UI as user.1 (this user belongs to the HR department, default password is 'Passw0rd').
    3. Select the User Onboarding Process by clicking on it.
    4. Fill in the fields of the form presented by the UI. The fields marked with x are mandatory.
        - Department field:
          By selecting one of the four departments we define which department the new user
          will belong to. Based on this the workflow will select the possible candidate assignees
          for the manager approval user task: it will be either superadmin (as manager of everyone)
          or the manager of the selected department (see description above).
- a user task is assigned to the manager of the user (e.g. in our sample the assignee is user.0)
_subject : 'Use Case Test Notification', _type : 'text/plain', _body : 'The access request was accepted']
$ cd /path/to/openidm
- Reject: the start user (in our sample user.1) receives a notification about the denial. An OpenIDM
notification is created about this event which is visible on the UI after log in with the appropriate user.
9. Click on the User Access Request Approval task appearing on UI in 'My tasks' and then on the 'Details' button.
- Reject: the start user (in our sample user.1) receives a notification about the denial. An OpenIDM
notification is created about this event which is visible on the UI after log in with the appropriate user.
An OpenIDM notification is created about this event which is visible on the UI after login with the appropriate user.
In this sample there is an escalation step attached to the manager approval task. If the manager does not complete
the user task within 10 minutes then a new user task is created and assigned to superadmin. It has the same user interface
detecting orphan accounts on the target objects set and handling ambiguous results of correlation phase.
rename samples/usecase/usecase4/conf/syncManagedBusiness.json to samples/usecase/usecase4/conf/sync.json
is defined in samples/usecase/usecase4/data/business.csv file.
$ cd /path/to/openidm
$ curl -k -u openidm-admin:openidm-admin -H "Content-Type: application/json" -X POST "https://localhost:8443/openidm/recon?_action=recon&mapping=recon_managedUser_systemBusiness"
- Link: when choosing this option, a valid managed user id needs to be entered to link the orphan account to.
Pick any user id from managed users where the managed user is not linked to any users in the csv file yet:
if this use case is started after the initial reconciliation then pick e.g. user.5.
If users are created e.g. by using sample2 that user can be used here as well.
In this use case we have a scheduled task fetching all the managed users and starting a certification workflow
$ cd /path/to/openidm
Every managed user created in OpenIDM has a dedicated attribute to store the date of the last password change event (lastPasswordSet).
This value is updated by an onStore script defined in managed.json which
The workflow is started by passwordchange.js javascript. There are two options to run this workflow:
Update the SMTP settings of this file and copy it to the samples/usecase/usecase6/conf/ folder.
To enable email notifications change the following parameter of passwordchange.js: