README revision 4b3769ce483ece06f60f983193712492b920144f
In the usecase folder there is a set of files which together tell a user story based on some common examples.
After building the openidm-zip project these files are copied and organized in an appropriate folder structure;
each usecase folder contains the files that are needed for that particular use case sample.

All the samples assume a certain initial setup of managed users in OpenIDM.
The users are organized the following way:
- there are 20 ordinary users: user.0 ... user.19 where

    - user.0 .. user.4 belong to Human Resources having user.0 as Manager,
      user.0 .. user.3 employees and user.4 contractor

    - user.5 .. user.9 belong to Production Planning having user.5 as Manager,
      user.5 .. user.8 employees and user.9 contractor

    - user.10 .. user.14 belong to Sales & Distribution having user.10 as Manager,
      user.10 .. user.13 employees and user.14 contractor

    - user.15 .. user.19 belong to Treasury & Payments having user.15 as Manager,
      user.15 .. user.18 employees and user.19 contractor

Furthermore we have the following special users:
- hradmin: user representing the human interaction of the HR department
- systemadmin: user representing the human interaction of the populated systems ("Business" and "Project")
- superadmin: user representing the manager of the managers

List of use cases

Usecase 1 - Initial reconciliation
    In this step we import the users from OpenDJ to OpenIDM using reconciliation.

    To prepare to run the sample, download OpenDJ directory server from
    http://forgerock.org/opendj.html. Install OpenDJ using QuickSetup:

    * Use "password" as the password for cn=Directory Manager.
    * Import samples/usecase/data/hr_data.ldif during installation.

    1. Start OpenIDM with the configuration for usecase1.

        $ cd /path/to/openidm
        $ ./startup.sh -p samples/usecase/usecase1

    2. Run reconciliation.

        $ curl -k -u openidm-admin:openidm-admin -X POST "https://localhost:8443/openidm/recon?_action=recon&mapping=systemHRAccounts_managedUser"

    3. Query the managed users created by reconciliation.

        $ curl -k -u openidm-admin:openidm-admin "https://localhost:8443/openidm/managed/user?_queryId=query-all-ids"

    There should be 23 users created.

Usecase 2 - New user onboarding
    In this step we simulate an HR employee starting the onboarding process for an employee,
    followed by the approval step of the manager.

    If we want to use email notifications as part of the process, make the following changes:
    - The external email service of OpenIDM has to be configured using the following file:
        samples/usecase/usecase2/conf/external.email.json
      Update the SMTP settings in this file before starting the workflow.
    - Change the notification email properties in the workflow definition file:
        samples/usecase/usecase2/workflow/newUserCreate.bpmn20.xml

      Original:
        emailParams = [_from : 'usecasetest@forgerock.com', _to : 'notification@example.com',
                       _subject : 'Use Case Test Notification', _type : 'text/plain',
                       _body : 'The requested user ' + userName + ' was successfully created']
      Change the _from and _to fields to contain valid email addresses.

    1. Start OpenIDM with the configuration for usecase2.

        $ cd /path/to/openidm
        $ ./startup.sh -p samples/usecase/usecase2

    2. Log in to the UI as user.1 (this user belongs to the HR department; the default password is 'Passw0rd').

    3. Select the User Onboarding Process by clicking on it.

    4. Fill in the fields of the form presented by the UI. The fields marked with x are mandatory.
        - Department field:
            By selecting one of the four departments we define which department the new user
            will belong to. Based on this the workflow will select the possible candidate assignees
            for the manager approval user task: it will be either superadmin (as manager of everyone)
            or the manager of the selected department (see description above).
            Example: if HR is selected, the manager candidates will be user.0 and superadmin.
        - User Type field:
            If the User Type field is Employee then the user will have access to an account called "Business".
            This is represented in the OpenIDM repository by having the following attribute on
            the managed user:
                accounts : [ "Business"]
            If the User Type is Contractor then the new user won't have any accounts associated with it in
            the managed user representation in OpenIDM.

        - Send Email Notification field:
            If 'No' is selected for this field then no email notifications will be sent.
            Notifications will be added to the OpenIDM repository and will appear on the UI.

    5. Start the workflow by clicking on the Start button.

    6. Log out and log in as the manager of the department selected in the initial start form.
       Example: if HR was selected then log in as user.0.

    7. Click on the Onboarding approval task appearing on the UI as a task in the group queue
       and assign the user task to user.0 (select 'Assign it to me'). The task now appears in 'My tasks'.

    8. Click on the task and then on the 'Details' button.
        - Start Date field:
            Filling this field results in the user being created and adding the startDate property
            to the user. Furthermore, the user status will be 'inactive'.
            The field is optional; it will be used by TaskScanner to trigger the sunrise workflow.
        - End Date field:
            Filling this field results in the user being created and adding the startDate property
            to the user.
            The field is optional; it will be used by TaskScanner to trigger the sunset workflow.
        - Manager field:
            Selecting yes will add the 'title' field to the new managed user with the value 'manager'.
        - Decision field:
            Selecting 'Reject' terminates the workflow and sends a notification to the start user
            of the workflow.
       Complete the task by clicking on the 'Complete' button.

    9. If 'Accept' was selected then the user is created as a managed user in OpenIDM.
       Two OpenIDM notifications are created about this event: one for the start user and one for the
       new user. Those are visible on the UI after login with the appropriate user.

       If email notification was selected then one email is sent to the user configured at the
       beginning of the use case sample.

    10. Sunrise workflow
        If the sunrise date of the new user was set then the user was created with inactive account status.
        To trigger sunrise, activate the sunrise task scanner (it's inactive by default):
            samples/usecase/usecase2/conf/schedule-taskscan_sunrise.json
            Change: "enabled" : false
            to      "enabled" : true
        The scan runs every minute and checks for users having a sunrise date before
        the current date plus one day.
        Once the scan is triggered it picks the new user and starts the sunrise workflow on it:
        - changes the account status to active
        - adds an OpenIDM notification to the new user (visible when logging in to the OpenIDM UI).

    11. Sunset workflow
        If the sunset date of the new user was set then the sunset workflow can be triggered.
        To trigger sunset, activate the sunset task scanner (it's inactive by default):
            samples/usecase/usecase2/conf/schedule-taskscan_sunset.json
            Change: "enabled" : false
            to      "enabled" : true
        The scan runs every minute and checks for users having a sunset date before
        the current date plus one day.
        Once the scan is triggered it picks the new user and starts the sunset workflow on it:
        - a user task is assigned to the manager of the user (e.g. in our sample the assignee is user.0)
        - Log in to the OpenIDM UI with user.0 and select the task in 'My tasks'
        - Decision field:
            - Accept termination: the user's account status will be set to inactive and hradmin
              receives an OpenIDM notification about it.
            - Modify date: the sunset date of the user will be changed and the manager
              of the user receives an OpenIDM notification about it (user.0 in our sample).
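
Added example, not part of the OpenIDM sample: a Python audit that applies the scanners' "before the current date plus one day" condition to a constructed list of managed users and reports accounts whose status disagrees with their dates, which is the state left behind while the sunrise and sunset scanners stay disabled. The field names accountStatus and endDate and the timestamp format are assumptions; startDate and the active/inactive values come from the steps above.

```python
from datetime import datetime, timedelta, timezone

# Constructed managed-user records, not output from a real OpenIDM instance.
# "startDate" and the active/inactive values come from the README; the names
# "accountStatus" and "endDate" and the timestamp format are assumptions.
SAMPLE_USERS = [
    {"userName": "hire.a", "accountStatus": "inactive", "startDate": "2024-03-01T00:00:00Z"},
    {"userName": "hire.b", "accountStatus": "inactive", "startDate": "2024-03-10T18:00:00Z"},
    {"userName": "hire.c", "accountStatus": "inactive", "startDate": "2024-04-01T00:00:00Z"},
    {"userName": "hire.d", "accountStatus": "active", "startDate": "2024-04-01T00:00:00Z"},
    {"userName": "leaver.e", "accountStatus": "active",
     "startDate": "2023-01-01T00:00:00Z", "endDate": "2024-03-05T00:00:00Z"},
    {"userName": "leaver.f", "accountStatus": "inactive",
     "startDate": "2023-01-01T00:00:00Z", "endDate": "2024-03-05T00:00:00Z"},
    {"userName": "user.4", "accountStatus": "active"},
]
NOW = datetime(2024, 3, 10, 9, 0, tzinfo=timezone.utc)  # fixed so the result is repeatable


def is_due(user, field, now):
    """Scanner condition from the README: the date is before current date plus one day."""
    value = user.get(field)
    if not value:
        return False
    when = datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
    return when < now + timedelta(days=1)


def lifecycle_findings(users, now):
    """Return (userName, finding) pairs where account status disagrees with the dates."""
    findings = []
    for user in users:
        status = user.get("accountStatus")
        sunrise_due = is_due(user, "startDate", now)
        sunset_due = is_due(user, "endDate", now)
        if sunset_due and status == "active":
            # Sunset scanner disabled, or the manager's termination task is still open.
            findings.append((user["userName"], "sunset due, account still active"))
        elif sunrise_due and not sunset_due and status == "inactive":
            # Sunrise scanner disabled or not yet run.
            findings.append((user["userName"], "sunrise due, account still inactive"))
        elif user.get("startDate") and not sunrise_due and status == "active":
            findings.append((user["userName"], "active before start date"))
    return findings


if __name__ == "__main__":
    for name, finding in lifecycle_findings(SAMPLE_USERS, NOW):
        print(f"{name}: {finding}")
```
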

Usecase 3 - User access request
    In this step we simulate a user starting an access request and having 2-level approval for it.

    If we want to use email notifications as part of the process, make the following changes:
    - The external email service of OpenIDM has to be configured using the following file:
        samples/usecase/usecase3/conf/external.email.json
      Update the SMTP settings in this file before starting the workflow.
    - Change the notification email properties in the workflow definition file:
        samples/usecase/usecase3/workflow/accessRequest.bpmn20.xml

      Original:
        emailParams = [_from : 'usecasetest@forgerock.com', _to : 'notification@example.com',
                       _subject : 'Use Case Test Notification', _type : 'text/plain', _body : 'The access request was accepted']
      Change the _from and _to fields to contain valid email addresses.
      Note that there are 2 occurrences of the emailParams; change both.

    1. Start OpenIDM with the configuration for usecase3.

        $ cd /path/to/openidm
        $ ./startup.sh -p samples/usecase/usecase3

    2. Log in to the UI as user.1 (this user belongs to the HR department; the default password is 'Passw0rd').

    3. Select the Access Request Process by clicking on it and start the workflow.

    4. A new task appears in 'My tasks'; click on it and select 'Details'.
        - Access to Business system field: the value reflects the current value in the OpenIDM database
        - Access to Project system field: the value reflects the current value in the OpenIDM database
        - Send Email Notification field:
            If 'No' is selected for this field then no email notifications will be sent.
            Notifications will be added to the OpenIDM repository and will appear on the UI.
        - Request field: Cancel terminates the process and does not change anything.
            Accept starts a user task assigned to the manager of the user (user.0 in this sample).
       Click on Complete after selecting the values.

    5. Log out and log in as the manager of the start user (user.0 in this sample).

    6. Click on the User Access Request Approval task appearing on the UI as a task in the group queue
       and assign the user task to user.0 (select 'Assign it to me'). The task now appears in 'My tasks'.

    7. Click on the task and then on the 'Details' button.
       The two fields showing the required access rights are modifiable by the manager.
       Complete the task by clicking on the 'Complete' button after selecting the Decision.
       The decision can be
        - Reject: the start user (in our sample user.1) receives a notification about the denial. An OpenIDM
          notification is created about this event which is visible on the UI after login with the appropriate user.
          If email notification was selected then one email will be sent to the user configured at the
          beginning of the use case sample.
        - Accept:
          Accept starts a user task assigned to systemadmin.

    8. If the manager accepted, log out and log in as systemadmin (default password is "Passw0rd").

    9. Click on the User Access Request Approval task appearing on the UI in 'My tasks' and then on the 'Details' button.
       The two fields showing the required access rights are modifiable by the systemadmin.
       Complete the task by clicking on the 'Complete' button after selecting the Decision.
       The request can be
        - Reject: the start user (in our sample user.1) receives a notification about the denial. An OpenIDM
          notification is created about this event which is visible on the UI after login with the appropriate user.
          If email notification was selected then one email will be sent to the user configured at the
          beginning of the use case sample.
        - Accept: user.1 is updated in the managed users table of OpenIDM reflecting the requested changes.
          An OpenIDM notification is created about this event which is visible on the UI after login with the appropriate user.
          If email notification was selected then one email will be sent to the user configured at the
          beginning of the use case sample.

    In this sample there is an escalation step attached to the manager approval task. If the manager does not complete
    the user task within 10 minutes then a new user task is created and assigned to superadmin. It has the same user interface
    as the one assigned to the manager of the user and has the same functionality. If the superadmin
    completes this task then the execution is passed to the administrator approval (systemadmin).
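
Added example, not part of the OpenIDM sample: a Python check of the two-level approval chain described in Usecase 3, run over constructed request records in a hypothetical export format. It uses the department layout and the 10-minute escalation from this README; the record fields, the check that superadmin acts only after the escalation timeout, and the self-approval check are assumptions added for the audit.

```python
ESCALATION_MINUTES = 10  # README: an unfinished manager task is re-created for superadmin


def manager_of(user_name):
    """Department manager per the README layout: user.0, user.5, user.10 or user.15."""
    prefix, _, number = user_name.partition(".")
    if prefix != "user" or not number.isdigit() or int(number) > 19:
        return None  # special users (hradmin, systemadmin, superadmin) are not in the layout
    return f"user.{int(number) - int(number) % 5}"


def check_request(req):
    """Return the policy violations found in one finished access request."""
    problems = []
    steps = {s["level"]: s for s in req["approvals"]}
    mgr, adm = steps.get("manager"), steps.get("admin")
    if req["applied"] and not (mgr and mgr["decision"] == "accept"):
        problems.append("applied without manager acceptance")
    if req["applied"] and not (adm and adm["decision"] == "accept"):
        problems.append("applied without systemadmin acceptance")
    if mgr:
        if mgr["actor"] == "superadmin":
            if mgr["minutes"] < ESCALATION_MINUTES:
                problems.append("superadmin decided before escalation")
        elif mgr["actor"] != manager_of(req["requester"]):
            problems.append("manager step decided by " + mgr["actor"])
        # Added separation-of-duties check: a department manager is their own manager.
        if mgr["actor"] == req["requester"]:
            problems.append("requester approved own request")
    if adm and adm["actor"] != "systemadmin":
        problems.append("admin step decided by " + adm["actor"])
    return problems


def step(level, actor, decision, minutes=0):
    return {"level": level, "actor": actor, "decision": decision, "minutes": minutes}


# Constructed records in a hypothetical export format; "minutes" is the time
# between creation of the manager task and the decision.
SAMPLE_REQUESTS = [
    {"id": "r1", "requester": "user.1", "applied": True,
     "approvals": [step("manager", "user.0", "accept", 3), step("admin", "systemadmin", "accept")]},
    {"id": "r2", "requester": "user.1", "applied": True,
     "approvals": [step("manager", "superadmin", "accept", 12), step("admin", "systemadmin", "accept")]},
    {"id": "r3", "requester": "user.7", "applied": True,
     "approvals": [step("manager", "user.0", "accept", 2), step("admin", "systemadmin", "accept")]},
    {"id": "r4", "requester": "user.1", "applied": True,
     "approvals": [step("manager", "user.0", "reject", 1)]},
    {"id": "r5", "requester": "user.0", "applied": True,
     "approvals": [step("manager", "user.0", "accept", 1), step("admin", "systemadmin", "accept")]},
]


def audit(requests):
    """Map request id to its violations, omitting clean requests."""
    return {r["id"]: check_request(r) for r in requests if check_request(r)}
```
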