Menfi Systems Sun Identity Manager FAQ

coldwaterphewServers

Nov 17, 2013 (3 years and 11 months ago)

107 views

Menfi Systems Sun Identity Manager FAQ

This FAQ is not meant to replace documentation. This FAQ is simply a quick reference.


Which JDK have you successfully used?

jdk
-
1_5_0_
13
-
windows
-
i586
-
p.exe
-

53,914,904 bytes


How do I register Java with the browser
?

Java Control Panel

C:
\
Program Files
\
Java
\
jdk1.5.0_13
\
jre
\
bin
\
javacpl.exe

Advanced tab, <APPLET> tag support


How do I enable / disable the Java console?

Control Panel, Java, Advanced, Show | Hide console


Which version of NetBeans have you successfully
used?

netbeans
-
5_5
-
windows.exe
-

57,355,640 bytes


How do

I set edit line bookmarks in
NetBeans?

Navigate, Toggle Bookmark Ctrl+F2, Next Bookmark F2.


How do I set edit line markers in EditPlus.

Search, Markers, Toggle Markers F9

Next Marker F4

Previous

Ma
rker Shift F4


How do I know NetBeans found the right version of Java?

During installation NetBeans will echo the version of Java it is using
.
C:
\
Program
Files
\
Java
\
jdk1.5.0_13

for example.


Which version of Tomcat is bundled with NetBeans?

Bundled Tomcat

5.5.17



What is the location of the tomcat
-
users.xml file?

C:
\
Documents and Settings
\
Michael Ciaccio
\
.netbeans
\
5.5
\

apache
-
tomcat
-
5.5.17_base
\
conf
\
tomcat
-
users.xml
.


What tomcat credentials should I use to log into
http://localhost:8084/manager/html
?


<
user username="ide" password="KgTIbQGg" roles="manager,admin"/>


What is the hostname and port?

http://localhost:8084
.


How do I set the JVM settings?

C:
\
Program Files
\
netbeans
-
5.5
\
enterprise3
\
apache
-
tomcat
-
5.5.17
\
bin
\
catalina.bat


line 1
-

@echo of
f


line 2
-

set JAVA_OPTS=%JAVA_OPTS%
-
Xms512m
-
Xmx512m


How do I know Tomcat is using the right JVM memory settings?

http://localhost:8084/


-

Status

Free memory: 1.55 MB Total memory: 8.20 MB Max memory: 63.56 MB


before

Free memory: 496.86 MB T
otal memory: 508.06 MB Max memory: 508.06 MB
-

after


Which Sun Identity Manager zip file have you successfully used?

IDM_7_1_0.zip
-

312,057,654 bytes


Which Sun Identity Manager war file did you begin with in the staging directory?

idm.war

-

119,799,225
bytes


How do you set the required environment variables?

set JAVA_HOME=C:
\
Program Files
\
Java
\
jdk1.5.0_13

set PATH=C:
\
Program Files
\
Java
\
jdk1.5.0_13
\
bin;%PATH%

set WSHOME=C:
\
stage
\
idm


How do I set the Sun Identity Manager Repository?



Flat File.

lh setRepo

-
tLocalFiles

fC:
\
Repository




DB2.

lh setRepo
-
tDB2
-
ujdbc:db2://host:port/idm

-
jcom.ibm.db2.jcc.DB2Driver

-
Uuser
-
Ppassword


lh setRepo

tDB2

ujdbc:db2://host:port/idm

Uuser
-
Ppassword




DB2 WebLogic DataSource
-

credentials set in WebLogic DataSource

lh setRepo
-
v
-
tDB2
-
iweblogic.jndi.WLInitialContextFactory
-
fjdbc/idm
-
ut3://host:port
/

lh setRepo
-
c

v

Defaulting administrator to 'configurator'.

Defaulting credentials to 'configurator'.

Enter password for configurator:

Getting current location....

C
urrent Location is 'DB2DataStore:jdbc/idm'

userid is 'null'

password is '(not set)'

jdbcDriver is 'null'




DataSource verification. In the Application Server remove the DataSource from
the Sun Identity Manager Application (Target). Subsequent Sun Identity

Manager failure confirms Sun Identity Manager DataSource connectivity.




MySQL

lh setRepo

tMysql

ujdbc:mysql:/localhost/waveset




Oracle

lh setrepo

toracle

u jdbc:oracle:thin:@host:port:idm
-
Uuser

-
Ppassword





Which jar files are required?

java.la
ng.NoClassDefFoundError: javax/activation/DataSource

C:
\
Program Files
\
netbeans
-
5.5
\
enterprise3
\

apache
-
tomcat
-
5.5.17
\
common
\
lib
\
activation.jar


(45,386 bytes)

javax/mail/MessagingException

C:
\
Program Files
\
netbeans
-
5.5
\
enterprise3
\

apache
-
tomcat
-
5.5.17
\
com
mon
\
lib
\
mail.jar

280,984 bytes


Where are the NetBeans jar files?

(
jar files seen in the NetBeans user
interface)

C:
\
Documents and Settings
\
Michael Ciaccio
\
Idm
\
custom
\
WEB
-
INF
\
lib
\

mail.jar

280,984 bytes

C:
\
Documents and Settings
\
Michael Ciaccio
\
Idm
\
custom
\
WEB
-
INF
\
lib
\

jms.jar

23,788 bytes

C:
\
Documents and Settings
\
Michael Ciaccio
\
Idm
\
custom
\
WEB
-
INF
\
lib
\

activation.jar

54,368 bytes


How do I deploy the Sun Identity Manager web application to Tomcat using
directory URL?

Note


Deploying the SunIdentity Manage
r web application as a directory structure.
Useful for development and prototyping.

http://localhost:8084/manager/deploy?path=/idm&war=file:/c:/stage/idm

OK
-

Deployed application at context path /idm


How do I deploy the Sun Identity Manager web applicat
ion to Tomcat editing server.xml?

C:
\
Documents and Settings
\
Michael Ciaccio.MENFI
-
6F9704A62
\
.netbeans
\
5.5
\
apache
-
tomcat
-
5.5.17_base
\
conf
\
server.xml


<Context path="/idm" docBase="C:/stage7"



createContext="true"





reloadable="true" trusted="false"/>



</Host>m



</Engine>


</Service>

</Server>


How do I disable the HTTP Monitor in NetBeans?

Tools, Server Manager, un
-
check Enable HTTP Monitor.


What is the name of the Sun Identity Manager ID
E NetBeans plug
-
in?

com
-
sun
-
idm
-
ide.nbm

-

2,081,630

bytes.


Wh
ere can I find the Su
n Identity Manager IDE NetBeans plug
-
in?

The plugin is in the downloaded zip file
IDM_7_1_0.zip
.


How do I set the Identity Manager Instance in NetBeans?

Projects, right cl
ick Custom Identity Manager Objects, Set Identity Manager Instance
.


How do I explore the Sun Identity Manager repository in NetBeans?

Projects, right click Custom Identity Manager Objects, Repository, Explore


How do I create new Sun Identity Manager obj
ects in NetBeans?

Projects, Idm, right click C
ustom Identity Manager Objects

New, File/Folder, Sun Identity Manager Objects


Where are my n
ew Sun Identity Manager Objects?

C:
\
Documents and Settings
\
Michael Ciaccio
\
Idm
\
custom
\
WEB
-
INF
\
config


What does a rec
onciliation

situation analysis of UNMATCHED

mean?

The concrete Resource Identity exists, the Sun Identity Manager VID does not exist.

If this is an

on going production deployment
, the concrete Resource Identity may have been added using
account management

tools on the Resource, example Solaris useradd, passwd.

This identity may
or may not be compliant with corporate policy.



What does a reconciliation

situation analysis of UNASSIGNED

mean?

Both the
concrete Resource Identity and the Sun Identity Manager

V
ID exist, however the
Resource I
dentity is not assigned to the VID.

Setting the

Link resource account to user


Response to the UNASSIGNED Situation updates the Situation Analysis from UNASSIGNED to
CONFIRMED.


What does a reconciliation

situation analy
sis of CONFIRMED

mean?

The Sun Identity Manager VID and the concrete Resource Identity both exist, and the Resource
Identity is linked to the VID.


How can I get a report of identities that

do not have a situation analysis of CONFIRMED
?

Account Index Repo
rt, Filter accounts by situation, Exclude situations CONFIRMED.


How can I list Sun Identity Manager Administrators and their capabilities?

Reports, All Administrators.


What is Sun Identity Manager
custom
object naming convention?

object
-

XYZ


Change M
y Password Form

file
-

UserForm_XYZ
-
Change
MyPasswordForm.xml


How can I implement

a custom
end user Change Password form?

Configure, Form and Process Mappings,

endUserChangePassword
-

Change Password Form

-

default

endUserChangePassword


XYZ


Change My

Password Form



custom form.


How can I be sure my new Form

is being used?

Add a test Label field to the Form.

This also works for
FieldRef

testing.

<Field name='testField
'>


<Display class='Label'>


<Property name='title' value='
test Title
'/>


<Property name='value' value='
test V
alue'/>


</Display>

</Field>


How do I make an object available to All organizations?


<ObjectRef type='ObjectGroup'

name='All'/>



How do I enable bulk provisioning for Roles?

name='Role Form
'

add field
-

<Field name='processInputs.reprovision'>


<Default>


<s>true</s>


</Default>


</Field>


What is the out of the box usage of processInputs?

$ find .
-
name '*xml'
-
exec grep processInputs {}
\
;


<Field name='processInputs.ba
ckgroundProvisioning'>


<Field name='processInputs.provisioningRetryURL'>


<Field name='processInputs.backgroundProvisioning' button='true'>


<Comments>


This originally posted "processInputs.Background Save".


In 4.0, t
he name of the variable was changed to


backgroundProvisioning.


Another way to accomplish this is to set the view attribute



"waveset.backgroundSave"


which will force it into the background immediately.



But I think I prefer letting the process decide rather than



the view handler.


</Comments>



Is more processInputs information available?

Attributes on the user view that are set under processInputs are automatically pushed a
s top level
variables into the provisioning task launched by the

view handler to reprovision the user with the
information specified in the view.

For example the Update User Workflow Task has a global,
external variable named disableUpdateApprovals defined

which the task references / interrogates
before launching approvals. This action sets that variable.



<Action id='0'>


<expression>


<set name='user.processInputs.disableUpdateApprovals'>


<s>true</s>


</set>


</expression
>

</Action>


*** debug view

<Object id='User:jsmith'>


<Attribute name='processInputs'>


<Object>


<Attribute name='disableUpdateApprovals' value='true'/>


</Object>


</Attribute>

***



The next action is the checkinView a
ction. disableUpdateApprovals will be referenced /
interogated
t
here.


<Action id='1' name='Checkin User View'
application='com.waveset.session.WorkflowServices'>


<Argument name='op' value='checkinView'/>



“then”


<TaskDefinition name='Update User'




“then”

<Configuration name='
Lighthouse Approvals
'>



“then”


<Transition to='end'>

<ref>disableUpdateApprovals</ref>

if true
, skip LH

approvals


How do I “escape” when using the find command?

find .
-
name '*xml'
-
exec grep subject
\
>Approval
\

request
\

for

{}
\
;



How do you define and initialize a variable at the same time?

<defvar name='count'>


<i>0</i>

</defvar>



What are the guidelines for Authorization Types?

Do not create Authorization Types, instead leverage Admin Roles to control access to sp
ecific
objects.


What is the Sun Identity Manager debug URL?


http://localhost:8084/idm/debug/session.jsp



What are the out of the box Sun Identity Manager
User Extended Attributes?

Debug, List Objects, Configuration,
User Extended Attributes


<Strin
g>firstname</String>


<String>lastname</String>


<String>fullname</String>


What attributes are associated with the VID?

Debug, List Objects, User

name (accountId), password, email,
firstname, fullname, lastname, idmManager




What

are the
field n
ame
s associated with manager
in the Tabbed User Form?

User Library
Identity
C
ontent

field reference
-

<Field name='global.idmManager'>
,
<Field name='accounts[Lighthouse].idmManager'>


What is the naming convention for custom Sun Identity Manager objects?

Fi
le name


“UserForm_Acme
-
EmployeeForm.xml”, Object Name


“Acme
-

Employee Form”


What is the path name to the Sun Identity Manager jsp(s)?

C:
\
Documents and Settings
\
Michael Ciaccio
\
.netbeans
\
5.5
\

apache
-
tomcat
-
5.5.17_base
\
webapps
\
idm
\
account


What is the
path name to the compiled Sun Identity Manager jsp(s)?

C:
\
Documents and Settings
\
Michael Ciaccio
\
.netbeans
\
5.5
\

apache
-
tomcat
-
5.5.17_base
\
work
\
Catalina
\
localhost
\
idm
\
org
\
apache
\
jsp


What are example names of the compiled jsp(s)?

modify_jsp.java, modify_jsp
.class


How do I set a custom form title and subtitle editing the jsp?


if (id == null) {




From account/modify.jsp
.


form.setTitle("Create Title");


form.setSubTitle("Create Sub Title");


form.setViewId("User");


}


else {



form.setTitle("Edit Title");


form.setSubTitle("Edit Sub Title");


form.setViewId("User:" + id);


How do I set a
custom
form title and subtitle editing the Form XML?

<Configuration name='My

Form'

wstype='UserForm'>


<Extension>


<F
orm name='My Form'
>


<Display class='EditForm'>


<Property name='title' value='title'/>


<Property name='subTitle' value='sub

title
'/>


</Display>


Which title and subtitle customizations take precedence?

If custom form title and s
ub title edits are made in both the jsp and the form XML, the
customizations made to the form XML will render in the browser.


What are form title and sub title best practices?

Edit the form XML. Here is a quote from the out of the box
Sun Identity Mana
ger

jsp
-

// shouldn't be here, put it in the form XML

If the title customizations are made in the jsp, the customizations will be the same for all
Sun
Identity Manager

forms rendered by that jsp, unless the form XML overrides the title and sub
title.


How

do I associate a custom form with a jsp?


req.setOption(UserViewConstants.OP_FORM, "My Form");


What

is the
path name to the Sun Identity Manager javadoc?

C:
\
downloads1
\
sun
\
expand
\
REF
\
javadoc
\
index.html


Where can I find the package name of objects?

Trace

using the legacy BPE. Debug in NetBeans.

context is

<String>com.waveset.session.LocalSession@1482747</String>



What are some

common Sun Identity Manager package and class names?



Package Class

Instance

Method


com.waveset.session.LocalSession


<ref>
context</ref>

<ref>
:display.session
</ref>


getSubject


com.waveset.object.GenericObject


getView

variables

user

approvals



com.waveset.workflow.WorkflowEngine

WF_CONTEXT



com.waveset.object.WavesetResult

WF_CASE_RESULT







java.util.ArrayList

<Lis
t></List>



Java.util.Date

<Date>12/01/2008</Date>











How can I get the session?

<rule name='EndUserRuleLibrary:getCallerSession'/>

<ref>context</ref>

<ref>:display.session</ref>

(Note


Anonymous workflow.)

<invoke name='getLighthouseContext'>



<ref>WF_CONTEXT</ref>

</invoke>


<new class="com.waveset.server.InternalSession"/>


How do I search for files?

C:
\
>dir c:
\
Waveset.properties /b /s

> found.txt

C:
\
>findstr /s /i targetResources c:stage
\
idm
\
*.xml

$ find .
-
name '*xml'
-
exec grep processI
nputs {}
\
;


How can I insure a defined attribute or attributes are updated when a Resource is assigned
or unassigned?

One example
-

Place the Resource in a Role. Within the Role Set Attribute Values. In the form
assign the Roles using the
MultiSelect

Di
splay class. Set the action attribute to true. Place the
dependent variables to be updated after the Roles field.


How are the tabs of a
Tabbed User Form

named?

There is no title Property.
The tabs are Display class EditForm. The tab name that rende
rs in the
browser is the Field name.


How do I configure Sun Identity Manager when

a SMTP server is not available?

C
:
\
Documents and Settings
\
Michael Ciaccio
\
.netbeans
\
5.5
\

apache
-
tomcat
-
5.5.17_base
\
webapps
\
idm
\
config
\
Waveset.properties

notification.redirec
t=notifications.txt


Wh
at is the default
notifications.txt file

location
?

C
:
\
Program Files
\
netbeans
-
5.5
\
enterprise3
\
apache
-
tomcat
-
5.5.17
\
bin
\
notifications.txt


Is there an example of global name space and accounts name space integration?

<Field name='acco
unts[Lighthouse].idmManager'>


<Expansion>


<ref>global.idmManager</ref>


</Expansion>

</Field>


How can I get a <Display class='Select'> drop down to behave as expected?

Make sure you are using the allowedValues field.


How can I resolve the followi
ng error

(
MultiSelect

Display class example)
?

( )
-

Warning: Parenthesized values in field 'Project Assignments' do
not match any of the allowed values.


Due to organization assignment(s) or include / exclude in Admin Roles a
Sun Identity
Manager

object ma
y routinely be excluded from the logged in users scope.


Explicitly add an allowedValues reference to the normally excluded objects.



<Property name='allowedValues'>


<invoke name='getObjectNames' class='com.waveset.ui.FormUtil'>


<ref>:display.sessio
n</ref>


<s>Role</s>


<ref>waveset.original.roles</ref>

<
--

explicitly add reference


</invoke>

</Property>


Another way to do it avoiding deprecated methods.

Note allowedOthers not needed.


<Field name='waveset.roles'>


<Display class='MultiS
elect' action='true'>


<Property name='title' value='Project Assignments5'/>


<
Property name='availableTitle' value='Available Projects'/>


<Property name='selectedTitle' value='Current Projects'/>


<!
--

<Property name='allowOthers' value='true
'/>

--
>


<Property name='allowedValues'>



<filterdup>



<appendAll>



<invoke name='getObjectNames'

class='com.waveset.ui.FormUtil'>



<ref>:display.session</ref>




<s>Role</s>


</invoke>



<ref>
waveset.original.roles</ref>


</appendAll>


</filterdup>


</Property>


</Display>

</Field>


What capability allows a
n Administrator to only update existing users, and not add
new users
?

Update User.


What are some common
Unicode(s) used wit
h
Sun Identity Manager
?

&#39;



$apos;


apostrophe


What object encapsulates

the user object in

a Work Item?

variables.


What object encapsulates

the global name space
?

user


What is the baseContext of a Form used with Work Item(s)?

baseCon
text
="
variable
s.user
"


How is No Default Buttons set in a Form used with Work Item(s)?

noDefaultButtons="true
"


How can a developer render a Work Item Form with fields in a browser before the Form is
associated with a Work Item?

Do not set the baseContext, assign the Fo
rm to a test account administrator.


How
are
variables that are not attributes of the view

in a Form with a baseContext of
variables.user referenced
?

Example
-

:variables.WF_CASE_OWNER
note colon
field name
prefi
x.


How can I set HOME in cygwin?


Michae
l Ciaccio@PC139223223129 /home/Michael Ciaccio

$ cat .profile

export HOME=C:/stage/idm

cd C:/stage/idm



How can I add 1 approver to a workflow?

Insert Activity.

Palette, Approvals, Approval Activity


<Activity name='Approval'>


<Action process='Approval'
>


How do I associate a Workflow TaskDefinition with a User Form?

<Field name="viewOptions.Process">


<Expansion>


<s>Training
-

Update User</s>


</Expansion>

</Field>

An alternative is a new workflow followe
d by a process mappings update.


What is t
he default email template “sent” to the approver?

Account Creation Approval


How do I trace workflow?


With simple workflow trace.

http://localhost:8084/idm/debug/session.jsp

List Objects, Configuration, System Configuration

<Attribute name='fileTrace'/>



<Attribute name='fileTrace' value='wft.txt'/>

***************************************

11/06/08 03:02:31 CST

Executing case: Training
-

Anonymous User Registration

----------------------------------------

Walking case 'Training
-

Anonymous User Registrati
on'


Processing steps in 'Training
-

Anonymous User Registration'


Step pass 1


Initializing variables


Initial Case Variables


WF_CASE_OWNER = Temp:New Contractor


singleApprovalProcess = Training
-

Approval


endUser = true


an
onymousUser = New Contractor


Case title set to 'Training
-

Anonymous User Registration'


Step executing 'start'


Step complete 'start'


Step inactive 'start'


Step executing 'end'


Step inactive 'end'


Completing case 'Training
-

Anonymous User Registration'


Step inactive 'start'

Finished executing workflow case Training
-

Anonymous User Registration


What is the default pathname of the workflow trace file?

C:
\
Program Files
\
netbeans
-
5.5
\
enterprise3
\
apache
-
tomcat
-
5.5.17
\
bin
\
wf
t.txt
.


What are some strings to search for when debugging a Workflow trace?

'error', exception, ResultError, WavesetException


How can I use XPRESS to get Sun Identity Manager System Configuration information?

<get>


<invoke name='
getSystemConfiguration
'
>


<invoke name='getLighthouseContext'>


<ref>WF_CONTEXT</ref>


</invoke>


</invoke>


<s>security.nonrepudiation.signedApprovals</s>

</get>


When is the “request” Argument of the Approval process displayed?

The request Argument of the Approv
al process is displayed after the User Form Save button is
pressed. And in the approver’s Approvals List.

<Action

process='Approval'>


<Argument name='request' value='Approve project assignment'/>


When is the “
description
” Argument of the Approval pro
cess displayed?

The
description

Argument of the Approval process is displayed in the approver’s Approvals List.

<Action

process='Approval'>


<Argument name='description' value='Please approve or disapprove this request


to add this employee to a pro
ject.'/>



What are examples of out of the box and custom description(s) and request(s)?

Request: Approve Organization Top:XYZCompany:Client Services:Professional Services

Request: Approve Role


Citrix install

Description:

Account michael.ciaccio

De
scription: Account michael.ciaccio



Custom

-

Request: Professional Services Approval michael.ciaccio

Description:
Manager approval of new contractor assignment.




How do I implement a custom approval form?

Locate the Approve Activity, locate the Light
house Approvals process Action, add the
approvalForm Variable.

<Activity

name='Approve' audit='true'>


<Action

process='Lighthouse Approvals'>


<Variable name="approvalForm" value="Training
-

Resource Owner Approval"/>


How can I add a single approver?

Note out of the box Approval Workflow Subprocess.

Note approver Argument.

Note approvalForm Argument.


<Activity id='8' name='Manager Approval'>


<Variable name='managerApproved'/>



<Action id='0' name='Single Approval' process='Approval'>



<Argu
ment name='user' value='$(user)'/>




<Argument name='approvalForm'


value='Training
-

Manager Project

Approval'/>


<Argument name='approver'




value='$(user.accounts[Lighthouse].idmManager)'/>


In a Work Item User Form

how can I reference the Resource being approved?

<Field name=':variables.objectName'>


<Display class='Label'>



<Property name='title' value='Access Requested:'/>


</Display>

</Field>



How can I troubleshoot my new custom User Form?

A cursory check
is to edit a user with the new Form, then immediately save the user

without
making any changes.
Note the Changes section
. T
here should not be any changes, unexpected

changes, from merely opening then saving the user with the new form.



Where is the “
acc
ount.
” name space used?

Correlation rules work by dumping the resource account’s attribute values into a rule context
under

account.*.


Should I use <Derivation> or <Expansion> in an Active Sync Form?

Remember to use <Expansion> elements to set fields. <D
erivation> elements will be evaluated
before the activeSync.* attributes are merged into the user view.
How can I see all objects?

<invoke name='listObjects'>


<ref>context</ref>

</invoke>


How can I get a list of all Users?

<invoke name='getUsers' cla
ss='com.waveset.ui.FormUtil'>


<ref>context</ref>

</invoke>



How can I
get

a User using

conditions, attributes?

<RuleArgument name="employeeId" value="E101234"/>



<invoke name='getUsers' class='com.waveset.ui.FormUtil'>


<ref>context</ref>


<map
>


<s>conditions</s>


<list>



<new class='com.waveset.object.AttributeCondition'>



<s>employeeId</s>



<s>equals</s>


<ref>employeeId</ref>


</new>


</list>


</map>

</invoke>


<invoke name='toList'>


<invoke name='l
istObjects'>


Note
-

com.waveset.object.LocalSession


<ref>context</ref>


<invoke name='findType' class='com.waveset.object.Type'>


<s>User</s>


</invoke>


<map>


<s>conditions</s>


<new class='com.waveset.object.AttributeCondi
tion'>


<s>employeeId</s>


<s>equals</s>


<ref
>
employeeId
</ref
>


</new>


</map>


</invoke>


<s>name</s>

</invoke>


<invoke name="toList">


<invoke name='listObjects'>



<ref>context</ref>


<invoke name='findType
' class='com.waveset.object.Type'>



<s>User</s>


</invoke>


<map>



<s>attributes</s
>



Note
-

attributes



<map>



<s>employeeId</s>


<ref>employeeId</ref
>


</map>


</map>


</invoke>


<s>name</s>

</in
voke>


Is the AttributeCondition.Operator case sensitive?

The AttributeCondition.Operator is not case sensitive, both equals and EQUALs work.


Where can I get a list of the AttributeCondition.Operator(s)?

javadoc,
com.waveset.object.AttributeCondition.Oper
ator


How can I get a list of objects by Type?

<invoke name='listObjects'>


<ref>context</ref>


<invoke name='getType' class='com.waveset.object.Type'>


<s>U
ser</s>

Note case insensitive, User and user work


</invoke>

</invoke>


<invoke name='li
stObjects'>


<ref>context</ref>


<invoke name='getType' class='com.waveset.object.Type'>



<s>AdminRole</s>


</invoke>

</invoke>



How do I resolve unexpected results
, (nul
l),
when testing a rule

in NetBeans
?

Test the rule using Sun Identity Manage
r console or the legacy IDE, the BPE.

Look in Bundled
Tomcat (5.5.17) NetBeans output.


Where can I find examples of integrating custom create and update Workflows with an
active sync form

based on the feedOp
?

Sun training resources
-

custom
\
config
\
custo
m
\
phase3
\
UserForm_Training
-
HRActiveSync.xml



What does a correlation Rule return?

The return value for the rule should be one of the following: matching Identity Manager user

name, an AttributeCondition which compares an account attribute value to an exte
nded attribute
on the matching IdM user, or a list of AttributeCondition objects which are ANDed together.


What is the relationship between the activeSync. name space in the synchronization User
Form and the corresponding Resource schema?

The activeSync
. name space in the synchronization User Form corresponds to the left hand side
(LHS) of the Resource schema.


What file does Active Sync use to track changes to the feed file?

FFAS
-
20081026_114818_250.FFAS



This file represents the state of the feed fil
e at the last
Active Sync polling interval.

This file is located in the same directory as the feed file.

Use:Edit Synchronization Policy
-

Process differences only.


What file

tracks the
Active Sync

timestamp?

.tstamp_HR Feed_@@@_1225040389015
, this file
is located in the same directory as the Active
Sync log file.


What are the
other
Active Sync objects and locations?

Resource name:
HR Feed

Edit Synchronization Policy, Log File Path, C:
\

Log File: C:
\
HR Feed.LOG

Idm/de
bug/session.jsp, List Objects, C
onfig
uration, SYNC_HR Feed


What are the typical Sun Identity Manager tasks that run?

Reconciler PC139223223129

Source Adapter Task PC139223223129

SARunner:HR Feed


Why does Active Sync not process all records in file?

Check Allowed Error Count


How do I set up the Edit Plus printer?

Tools, Preferences, Print, Ignore text color


What is the Sun Identity Manager search account index URL?

http:
//localhost:8084/idm/resources/fin
dReconAccount.jsp


How can I resolve
“already exists” errors

associated with create feedOP when running
s
ynchronization
s?

Update Correlation / Confirmation rules.


What is the sequence regarding the Correlation Rule assoc
iated with an Active Sync User
Form?

The Active Sync Correlation Rule runs before the Active Sync User Form.


What are some useful Active Sync log search strings?

ResultItem, feedOp, status=


How can I get the View of a User?

<invoke name='getView'>


<re
f>context</ref>


<concat>



<s>User:</s>


<
ref>global.manager</ref>


</concat>


<Map/>

</invoke>



How does the
TargetResources Map option of the com.waveset.sessionLocalSession getView
method call work?



<map>


<s>TargetResources</s>


<list>



<s>Lighthouse</s>


</list>

</map>


<Object id='User:bobby'>


<Attribute name='password'>





<Attribute name='targets'>




<List>




<String>Lighthouse</String>





<String>AD</String>



<String>Corporate
LDAP</String>





<String>testResource</String>



</List>


</Attribute>







<Attribute name='targets'>



<List>




<String>Lighthouse</String>



</List>


</Attribute>



How can I get an attribute from the View?

<bloc
k trace="true">


<invoke name='get'>


<invoke name='getView'>



<ref>context</ref>


<concat>



<s>User:</s>


<ref>global.manager</ref>


</concat>


<map>



<s>TargetResources</s>


<list>



<s>Lighthou
se</s>


</list>


</map>


</invoke>


<s>waveset.organization</s>


</invoke>

</block>


Is there an easier way to get the organization?


<invoke
name='getOrgan
izationDisplayableNameByUserId'


c
lass='com.waveset.ui.FormUtil'>


<ref>
context</ref>


<list>



<ref>global.manager</ref>


</list>

</invoke>

Useful for assigning a report to a manager
’s organization
.


W
hat are the best
practices for User Forms integration
with Admin Role(s)?

If the User Form is assigned to the User, assign

the Empty Form to the Admin Role.




How can I use perl to edit a file?

perl
-
pi
-
e "s/
\
'//g;"
contractorWork.txt


remove single quote

perl
-
pi
-
e "s/
\
);//g;"
contractorWork.txt


remove parenthesis and semi colon


How does the name attribute(s) of the

button fields and the baseContext work?



<Field button='true' name="Do Not Use
">

effected by baseContext


<Display class='Button'>


<Property name='name' value='variables.formButton'/>


not effected by baseContext


<Property name='lab
el' value='Save'/>


<Property name='command' value='Save'/>



<Property name='value' value='save'/>



</Display>

</Field>


What is the HTML POST value of the button?

The command property.


How can I configure a Sun Identity Manager Internet Explorer i
con

(desktop shortcut)
?

Target
-

"C:
\
Program Files
\
Internet Explorer
\
iexplore.exe"
http://localhost:8084
\
idm
\
user
\
login.jsp


What is the syntax for a XML comment?

<!
--

AccountInformation
--
>


Where can I get user password expiration information?

Account In
formation

Password Expiration 10/31/08 18:54:03 CDT


What is the best way to iteratively develop / test a new User Form?

Add a “Form Test User” account administrator to
Sun Identity Manager
. Add test users to
Sun
Identity Manager

with attributes
that will exhaustively test both User Form business logic and
appearance.


How can I add 1 approver to a workflow?

<Activity

name='Manager Approval'>


<Action id='0' name='Single Approval' process='Approval'>



<Argument name='approver' value='$(
user.accounts[Lighthouse].idmManager)'/>


How does com.waveset.ui.FormUtil. getUnassignedResources work?

<invoke name='getUnassignedResources' class='com.waveset.ui.FormUtil'>


<ref>context</ref>
--
> com.waveset.session.InternalSession


<map>



<s>currentRoles</s>
--
> currentRoles




<ref>waveset.roles</ref>Resolved waveset.roles to null


<s>currentResourceGroups</s>
--
> currentResourceGroups


<ref>waveset.applications</ref>
Resolved waveset.applications to

null


<s>current</s>
--
> current


<ref>waveset.original.resources</ref>


Resolved waveset.original.resources to


[AD, testResource, Corporate LDAP]


</map>




{current=[AD, testResource,

Corporate LDAP],



currentResourceGroups=null,



currentRoles=null}

</invoke>



[AD, Corporate LDAP, Solaris 1, Solaris 2, Solaris 3,



SPE End
-
User Directory, testResource, Training
-

Contractor Feed,



Training
-

HR Feed]

Browser

Available Resources


Selected Resources

Solaris 1



AD

Solaris 2



Corporate LDAP

Solaris 3



testResource

SPE End
-
User Directory

Training
-

Contractor Feed

Training
-

HR Feed


Selected Resources maps to waveset.original.resources (Resources curren
tly assigned to User).

Available Resources maps to

All Resources minus waveset.original.resources


What is the assigning reference to a value syntax?

<Argument name='id' value='$(WF_CASE_OWNER)'/>


Which Form Argument assigns the empty Form to checkoutVie
w
?

<Action name="Checkout User View"

application='com.waveset.session.WorkflowServices'>


<Argument name='op' value='checkoutView'/>


<Argument name='Form' value='$(emptyForm)'/>

-

Worked


<Argument name='NoForm' value='true'/>

-

Did not work.


Wh
at are some common button label, button command relationships?



HTML

post value


button class
property

label

command



Finish

Save



Submit

Save



Continue

Save



Cancel

SaveNoValidate

Task

completes






How are the Form buttons and Workflow vari
ables integrated?

Set here.

<Field button='true'>


<Display class='Button'>


<Property name='name' value='variables.formButton'/>


<Property name='label' value='Submit'/>


<Property name='command' value='Save'/>


<Property na
me='value' value='submit'/>


</Display>

</Field>


Referenced here.

<Transition to='Display Confirmation Page'>


<match>


<ref>formButton</ref>


<s>submit</s>


</match>

</Transition>


How does the <Timeout>

</ManualAction>

property w
ork?



<Timeout>


<i>20</i>


</Timeout>

</ManualAction>


>0 minutes, <0 seconds, =0 no expiration

Phase_4_Slide_Deck.pdf


A manual action has an attribute called timeout. This value is defined in

minutes if it is a positive number, or seconds
if it is a negative number.

<ManualAction name='approve' timeout='180'>

Conditional transition.

<ref>WF_ACTION_TIMEOUT</ref>


What Capability allows Users to see

/ run

Available Tasks.

Waveset Administrator


(there may be others)


When checking out a vie
w what is the best practices variable name?

<Variable name='user
'/>

<Argument name='op' value='checkoutView'/>

<Return from='view' to='user
'/>



Why is my task not listed?

http://localhost:8084/idm/task/taskList.jsp

Set task
visibility='runschedule'


How
do you customize Activity names in Process Diagram?

<ReportTitle>


<s>Checkout View
</s>

</ReportTitle>


How does the ignoreTimeout

M
anualAction attribute work?

How can I resolve the work item expired error message?

Silences error
.

<ManualAction ignoreT
imeout='true' ......


How do I resolve the following error?

com.waveset.util.WavesetException: Couldn't find method ... in class
java.lang.String


java.lang.NoSuchMethodException: java.lang.String.getApprovalTemplate()


Make sure th
e argument is a referen
ce.

<Argument name='approvals' value='$(approvals.approvals[Resource])'/>


<Argument name='approvals'>


<ref>approvals.approvals[Resource]</ref>

</Argument>


How do you integrate a custom form with a ManualAction?

<ManualAction id='0' name='Edit Request
' syncExec='true'>


<FormRef>


<ObjectRef type='UserForm' name='Training
-

End User Request Access'/>


</FormRef>


How does getApprovals work?

The Task level variable


<Variable name='approvals'/>

is set right after <
Argument> and just befo
re the <Return line.


An explicit Return to set the Task level approvals variable is not required.


<Activity id='4' name='Get Approvers'>


<Action id='0' name='Get Approvals'
application='com.waveset.provision.WorkflowServices'>


<Argument name=
'op' value='
getApprovals
'/>


<Argument name='user' value='$(user)'
/
>



<Return from='WF_ACTION_ERROR' to='error'/>


</Action>


<Transition to='Resource Owners Approval'/>

</Activity>


How does Configuration:Approval Evaluator
work?



Note only the Resource subset of
the approvals object submitted.


<Activity id='5' name='Resource Owners Approval'>

<Variable name='approved'/>


<Action id='1' name='Review' process='Configuration:Approval Evaluator'>


<Argument name='form' valu
e='Training
-

Resource Owner Approval'/>


<Argument name='approvals' value='$(approvals.approvals[Resource])'/>


<Return from='approvals.approved' to='approved'/>

</Action>


<Configuration

name='Approval Evaluator'>


<Extension>


<WFProcess name=
'Approval Evaluator' maxSteps='0' audit='true'>


<Configuration

name='Multi Approval'>


<Extension>


<WFProcess name='Multi Approval' maxSteps='0' audit='true'>


<Configuration

name='Approval'>


<Extension>


<WFProcess name='Approval' maxSteps='0'
audit='true'>


<Configuration name='Notify'>


<Activity name='Send Email' audit='true'>


What actually sends the email?

<Configuration name='Notify'>


<Activity name='Send Email' audit='true'>


What is the diffeence between the approvalForm and the a
pprovalTemplate?

The approvalForm, Training
-

Resource Owner Approval
,
is the User Form the app
rover sees
when processing the A
pproval. The approvalTemplate
,

EmailTemplate:ProvisioningApproval is
the Email Templaye sent to the approver.


How can I add an
End User Task?

http://localhost:8084/idm/debug/session.jsp


List Objects, Configurator, End User Tasks

<List>


<String>Training
-

End User Request Access</String>


<String>Training
-

End User Request Access.</String>

</List>



http://localhost:8084/i
dm/debug/session.jsp


List Objects, UserForm. End User Request Menu

<Field>


<Display class='Link'>


<Property name='name' value='Training
-

End User Request Access'/>


<Property name='URL' value='user/requestLaunch.jsp


?ne
wView=true&amp;


id=Training
-

End User Request Access'/>


</Display>

</Field>


C:
\
Documents and Settings
\
Michael Ciaccio
\
.netbeans
\
5.5
\
apache
-
tomcat
-
5.5.17_base
\
webapps
\
idm
\
user
\
requestLaunch.jsp

form.setWorkItemURL("user/workItemEdit.jsp")
;

-

Add

String url = form.process(requestState);


How can I build a meaningful URL

?

From the workflow

<Variable name='workItemName'>


<invoke class="com.waveset.util.Util" name="getUniqueId"/>

</Variable>


From the Rule

<defvar name="urlBuilder">



<new class="com.waveset.util.URLBuilder">


<s>approval/itemEdit.jsp</s>


</new>

</defvar>



<cond>


<ref>workItemName</ref>


<invoke name="put">


<ref>urlBuilder</ref>


<
s>id</s>


<ref>workItemName</ref
>


</invoke>

</cond>


<invoke name="toString">


<ref>urlBuilder</ref>

</invoke>


What is ExposedVariable, EditableVariables syntax?

From Task to Work I
tem.

<ExposedVariables>



<ref>visibleVariables</ref>

</ExposedVariables>


From Work Item back
to Task.

Expose different variables to different split join simultaneous
approvers preventing collisions and overwrites.

<EditableVariables>


<ref>editableVariables</ref>

</EditableVariables>

Use
visibleVariables
,
editableVariables
.


Where is the Custo
m Build Environment (CBE) README.txt file?

C:
\
Documents and Settings
\
Michael Ciaccio
\
Idm
\
README.txt

NetBeans, Files, Idm, README.txt


How can I use a custom work item name, and prevent the system from generating one?


Inside
/ManualAction>

<WorkItemName
>


<ref>workItemName</ref>

</WorkItemName>


How can I insure the View is refreshed whenever the Page is reloaded?

Inside
/ManualAction>
, specify the view task variable

<ViewVariables>


<List>



<String>user</String>


</List>

</ViewVariables
>


How can
I add a link to a workflow?

C:
\
Documents and Settings
\
Michael Ciaccio
\
.netbeans
\
5.5
\
apache
-
tomcat
-
5.5.17_base
\
webapps
\
idm
\
user
\

login.jsp

<%= form.generateHTML() %>

<p class='subtitle'>New Contractor? Click <A
HREF="<%=p.encodeRedirectURL("user
/anonProcessLaunch.jsp?id=Training+
-
+Anonymous+User+Registration")%>">here</A>.</p>


How do I ensure
anonymous

users are not prompted for a login name?

C:
\
Documents and Settings
\
Michael Ciaccio
\
.netbeans
\
5.5
\

apache
-
tomcat
-
5.5.17_base
\
webapps
\
idm
\
user
\
anon
ProcessLaunch.jsp
.

String bodyAttributes = "onload=
\
"selectFirstEditField();
\
"";

if (session.getAttribute(LoginHelper.ANON_USER_ATTRIBUTE)==null)


session.setAttribute(LoginHelper.ANON_USER_ATTRIBUTE, "New Contractor");

From workflow trace

WF_CASE_OWNE
R = Temp:New Contractor

anonymousUser = New Contractor

Server tasks, All Tasks, Owner
-

Temp:New Contractor


How can I unconditional redirect the anonymous user back to the login page once the
Anonymous User Task, Workflow completes?

C:
\
Documents and Setti
ngs
\
Michael Ciaccio
\
.netbeans
\
5.5
\

apache
-
tomcat
-
5.5.17_base
\
webapps
\
idm
\
user
\
anonmain.jsp

Normally redirected to here
-

http://localhost:8084/idm/user/anonmain.jsp

Please select one of these options:

Start a Process

View Inbox

View Request Status

Req
uestState req = new RequestState(session, request, response, _wsSess, p);

if (true) {LoginHelper.redirect(req, out, "user/login.jsp"); return; }



How do I resolve the
-

View access denied to Reset on process Training
-

Anonymous User
Registration error?

L
ist Objects, Configuration,
Anonymous User Tasks

<List>


<String>Training
-

Anonymous User Registration</String>


<String>Request an Identity Manager account.</String>

</List>


What is the out of the box End User Anonymous Enrollment Task Definition,

Workflow?

End User Anonymous Enrollment


How do I resolve
---

View access denied to Subject Reset on Rule: Training
-

Generate Unique AccountId.

<Rule authType='EndUserRule' name='Training
-

Generate Unique AccountId'>

Note
authType

AND

<ObjectRef type=
'ObjectGroup' name='End User'/>




How are global.email and waveset.email integrated?

<Field name='global.email'>


<Display class='Label'>


<Property name='title' value='_FM_EMAIL'/>


</Display>


<Derivation>


<concat>


<ref>waveset.accountId</ref>


<s>@xyzcompany.com</s>


</concat>


</Derivation>

</Field>



<Field name='waveset.email'>


<Display class='Label'>


<Property name='title' value='_FM_EMAIL'/>


</Display>


<Expan
sion>


<ref>global.email</ref>


</Expansion>

</Field>


What Field is used for password synchronization?

<Field name='password.selectAll'>





How long does a Task remain in the Repository?

resultLimit

Specifies the limit in seconds that a task
instance is allowed to live after the task has completed.
Default is 0.

Once a task has completed or terminated, the TaskInstance containing the task result
is typically kept in the repository

for a designated period of time, after which it is automatical
ly
deleted. 0


Indicates that the TaskInstance will be deleted

immediately after the task is
c
omplete.
-
1


Indicates that the TaskInstance will never be automatically deleted, though it can
be manually deleted by

the user. This parameter is typically
set to a value that is equivalent to a
few days for tasks that generate reports for later analysis.

Set to zero for tasks that are run only
for side effect and do not generate any meaningful result.


Wha
t is the difference betweeen a c
ustom Task Name and
a default Task Name?


New Contractor Registration for

(

mi
chael.ciaccio 11/07/2008 @ 21:29
)


TASKC91AB9E973F25CC1:
-
53E6989:11D79A727C3:
-
7F45



How is a Task renamed?

<Activity name='Rename Task'>


<Action id='
-
1' process='Rename Task'>



<Argument name='name'>


<concat>


<s>New Contractor Registration for ( </s>


<ref>user.waveset.accountId</ref>


<invoke name='format'>


<new class='java.text.SimpleDateFormat'>


<s>MM/dd/yyyy @ HH:mm</s>



</new>


<new class='java.util.Date'/>


</invoke>


<s> )</s>


</concat>


</Argument>


</Action>


<Transition to="
end"/>

</Activity>


How does SET_RESULT_LIMIT work?

Workfl
ow Action within Activity that u
pdates the TaskInstance

level
result
L
imit parameter
.


Use built
-
in application to

override

resultLimit='86400'

specified in

TaskDefinition
.
Sets
ResultLimit for

Tas
kInstance in seconds
.
To immediately delete

TaskInstance, set to zero



<TaskDefinition name='' taskType='Workflow'
executor='com.waveset.workflow.WorkflowExecutor' suspendable='true'
syncControlAllowed='true' execMode='sync' execLimit='0'
resultLimit='8
6400'

resultOption='rename' visibility='runschedule' progressInterval='0'>


Result limit sets life time of a finished task before resultOption (value =
rename or delete) is taken
.




<Activity id='7' name='Clear Task Instance'>


<Action
id='0' application='SET_RESULT_LIMIT'>


<Argument name='limit' value='86400'/>

If zero immediate

immediate


</Action>

TaskInstance delete.


<Transition to='end'/>

</Activity>


How can I get a User attr
ibute?

<invoke name='getAttribute'>


<invoke name='getObject' class='com.waveset.ui.FormUtil'>


<ref>context</ref>


<s>User</s>


<ref>global.manager</ref>


</invoke>


<s>employeeId</s>

</invoke>


Alternate way

-

com.waveset.se
ssion.LocalSession getObject method.

com.waveset.object.PersistentObject getAttribute method.



Alte
rnate
way

-

com.waveset.session.LocalSession listObjects method.

com.waveset.object.QueryResult toList method.



How can I get a Users organization?

<invok
e name='getOrgan
izationDisplayableNameByUserId'
class='com.waveset.ui.FormUtil'>


<ref>context</ref>


<list>


<ref>global.manager</ref>


</list>

</invoke>


What is the relationship between the workflow global name space and called Rules?

Th
e global name space is available to the Rule. Explicitly passing global arguments from the
workflow to the Rule is not required.


What is the relationship between the accounts[Resource Name].attributeName name spaced
and the global name space?

If the gl
obal.attributeName has a value, the corresponding

accounts
[Resource Name].attributeName will assume that value.


What Sun Identity Manager classes manage Dates?

<invoke name='dateToString' class='com.waveset.util.Util'>


<ref>Contract Start</ref>



<s>yyyy
-
MM
-
dd</s>

</invoke>


What
is the difference between the Recalculate and Refresh buttons?

Recalculate

is form centric, Expansion, Derivation etc.

Refresh

gets the attribute values from the
target Resources.



What are some tested examples

of Variables available in the email template?

<TaskDefinition name='Training
-

Anonymous User Registration'


<Activity
name='Project Manager Review'>


<Action
name='Review' process='Configuration:Approval Evaluator'>



<Argument name='form' value
='Training
-

Project Manager Review Form'/>



<Argument name='approvals' value='$(approvals.approvals[Role])'/>



<Argument name='template' value='Training
-

New Registration



Approval'/>



<Argument name='testAttribute1' valu
e='testValue1'/>



<Return from='approvals.approved' to='approved'/>


</Action>


<Configuration name='Training
-

Approval'>

<Activity id='1' name='Notify' audit='true'>


<Action id='0' process='Notify'>



<Argument nam
e='template' value='$(approvalTemplate)'/>



<Argument name='to' value='$(approver)'/>


<Argument name='testAttribute2' value='testValue2'/>


</Action>


$(testAttribute1), $(testAttribute2), $(user) view, are ALL available in the
email temp
late.


What is an example of a singleApprovalProcess?

<TaskDefinition name='Training
-

Anonymous User Registration'


<Extension>

<WFProcess name='Training
-

Anonymous User Registration' maxSteps='0'>



<Variable name='singleApprovalProcess' value='Train
ing
-

Approval'/>





What is an example of a working custom approvalLink

<Configuration name='Training
-

Appr
oval'
>


<Activity
name='Notify' audit='true'>


<Variable name='approvalLink'>


<rule name='Training
-

Build Approval URL'>


<argument name='workItemName'>



<ref>workItemName</ref>


</argument>


</rule>


</Variable>

Note



Training


Approval
” is an edit of the out of the box Approval workflow

sub
-
process.
<Configuration name='Approval'


Wha
t is Log Comments?

<Comments>A library field that allows arbitrary approver comments to be included in the audit
log.</Comments>


What is the c
ommon approval process for a single user?

<Configuration name='Training
-

Appr
oval'
>


<Extension>


<WFProcess

name='Approval' maxSteps='0' audit='true'>


<Comments>
Common approval process for a single user.


How

do the forms manage
encrypted

data?

Initial Form
-

set secret=‘
true
’.

Look
-

idm/debug/session.jsp, List Objects, TaskInstance

<EncryptedData>56D3
5D2F221C8D0E:19212AE6:11CEB1A3FED:
-
7FFE|VQL83PMBFvo6xNo6nJ5WdQ==</EncryptedData>


Then in subsequent

Form

<invoke name='decryptToString'>


<ref>accounts[Resource Name].attributeName
</ref>

</invoke>


Where is BASE HREF set?

i
dm/config/
Waveset.properties

ui.web.useBaseHref=true

ui.web.baseHrefURL=


Can
workflow variable
error be referenced outside of an Activity or Action?

Yes. See <Configuration name='Lighthouse Approvals'

<Transition to='end'>


<Comments>Terminate if we encounter unusual errors (not
provisioning


errors).</Comments>


<ref>error</ref>

</Transition>


In vi how do I remove control M?

s/
control Vcontrol M//g


How do I hide Activities from Task Results, Workflow Status, Process Diagram?

<Activity id='1' name='Create User View'
hi
dden='true'
>


How can I pass a variable from the workflow to checkinView, on through
to
Lighthouse

Approvals
?

<Activity id='14' name='Checkin View'>


<Action id='1' application='com.waveset.session.WorkflowServices'>


<Argument name='op' value=
'checkinView'/>


<Argument name='view' value='$(user)'/>


<Variable name="user.disableCreateApprovals"

value="true"/>



<Configuration name='Lighthouse Approvals'


<Activity id='0' name='start'>


<Transition to='end'>


<and>





<isnull>



<ref>user.waveset.id</ref>



</isnull>



<isTrue>





<ref>
user.
disableCreateApprovals</ref>

note


nothing else



</isTrue>







needed.

Variable


</and>








part of t
he user











view.

Where

is the
Resource Adapter trace

configuration
stored?

idm/debug/session.jsp. List Objects, Configuration, System Configuration

<Configuration name='System Configuration'>


<Extension>


<Object>


<Attribute name='trace
Config'>


A Rule gives unexpected results when invoked from a User Form how can I fix this?

<RunAsUser>


<ObjectRef type='User' name='Configurator'/>

</RunAsUser>


Or place the XPRESS in the User Form.



How does Configuration:Approval Evaluator
work? What
sub processes

are called and in
what order?

How can I limit the approvals to a subset of approvers?

Note approver User Form.

Note approver Email Template.

Note approval object subset [Role].





<TaskDefinition name='
Training
-

Anon
ymous User Registration
'



<Extension>


<WFProcess name=
'Training
-

Anonymous User Registration'

maxSteps='0'>


<Variable name='user'/>


<Variable name='approvals'/>


<Variable name='error'/>


<Variable

name='
singleApprovalProcess
'


value='
Training
-

Approval
'/> note
-

sets
singleApprovalProcess


<Activity id='8' name='
Project Manager Review
'>


<Variable name='approved'/>


<Action id='0' name='Review' process='
Configuration:Approval Ev
aluator
'>


<Argument name='form' value='
Training
-

Project Manager Review Form
'/>



Note subset of approvals object.



<Argument name='approvals' value='$(
approvals.approval
s[Role]
)'/>



<Argument name='template' value='
Training

-

New Registration

Approval
'/>



<Return from='approvals.approved' to='approved'/>


<Configuration name='
Approval Evaluator
'>

<Configuration name='
Multi Approval
'>

<Configuration name='
Approval Evaluator
'>

<Configuration name='
Training
-

Approval
'> driven by <Variable

<Configuration name='
Notify
'>

name='
singleApprovalProcess
'

<Configuration name='
Training
-

Approval
'>

<Configuration name='
Multi Approval
'>

<Configuration name='
Approval Evaluator
'>

<Configuration name='
Multi Approval
'>

<Configuration name='
Approval Evaluator
'>

How does
Configuration:Training
-

Approval

work? What sub processes are called and in
what order?

Note approver User Form.

Note approver Email Template.

Note approver designation.


<TaskDefinition name='
Train
ing
-

Anonymous User Registration
'



<Extension>


<WFProcess name=
'Training
-

Anonymous User Registration'

maxSteps='0'>


<Activity id='11' name='
HR Approval
'>


<Variable name='approved'/>


<Variable name='
approvalForm
' value='Training
-

HR

Review Form'/>


<V
ariable name='
approvalTemplate
'


value='Training
-

New Registration Approval'/>


<Action id='0' process='
Configuration:Training
-

Approval
'>


<Argument name='
approver
' value='hrRep'/>


<Argume
nt name='objectType' value='ObjectGroup'/>


<Argument name='objectName' value='$(user.waveset.organization)'/>


<Argument name='request'>


<concat>


<ref>user.accounts[Corporate LDAP].division</ref>



<s> Approval: </s>


<ref>user.waveset.accountId</ref>


</concat>


</Argument>


<Argument name='description' value='HR approval of new contractor



assignment.'/>



<Return from='approved' to='approved'/>


</Action>


<Configuration name='
Training
-

Approval
'>

<Configuration name='
Notify
' >


Where is

a
Task
’s

expiration date posted?

Server Tasks, All Tasks, Select Task.


After I run my custom workflow accou
nts are locked. What’s wrong?

Verify the view is checked in after being checked out.


How can I add a single approver to an out of the box workflow?

Note Email Template.

Note approvalForm.

Note approver.

<Activity id='8' name='Manager Approval'>


<Comme
nts>Note Addition of a Single Approver.</Comments>


<Comments>Note custom approval form
-

approvalForm Argument</Comments>


<Variable name='managerApproved'/>


<Action id='0' name='Single Approval' process='Approval'>


<Argument name='user' value='$(
user)'/>


<Argument name='approvalTemplate'/>


<Argument name='approvalForm' value='Training
-

Manager Project Approval'/>


<Argument name='approver' value='$(user.accounts[Lighthouse].idmManager)'/>


<Argument name='requester'/>


<Argument
name='objectType'/>


<Argument name='objectName' value='$(user.waveset.organization)'/>


<Argument name='request' value='Approve project assignment'/>


<Argument name='description' value='Please approve or disapprove this


reque
st to add this employee to a project.'/>


<Argument name='diagramLabel' value='Project Add Approval'/>


<Argument name='visibleVariables'/>


<Argument name='editableVariables'/>


<Argument name='timeout' value='4320'/>


<Argument name='retri
es'/>


<Argument name='escalators'/>


<Return from='approved' to='managerApproved'/>


</Action>




What field is required for Active Sync Resource Account deletes?

<Field name='resourceAccounts.selectAll'>


How can I get the session in a
User Form?

<ref>context</ref>

<ref>:display.session</ref>

com.waveset.session.LocalSession


How can I get the S
ubject from the session?

getSubject method of the
com.waveset.session.LocalSession

class.

com.waveset.object.Subject


How
can I get the logged in

accountI
d?

getName() method of the com.waveset.object.Subject class.

Example


the logged in accountId.


How can I get the options of the Subject class?

getOptions() method of the com.waveset.object.Subject class.

java.util.Map returned.

Example


Note IP

address retrieved from session.

{locale=en_US,

SessionID=#SESS#37CB61F8F3397D86:1AA398A3:11B114D5BE2:
-
7FB8,

Client IP=127.0.0.1, loginApplication=Administrator Interface}








How can I get and use the IP

address?

getOptions method of the com.waveset.o
bject.Subject class.

“Client IP” argument

Example
-

127.0.0.1

Conditional workflow inter
-
Activity Transitions.

IP Address driven, if IP not trusted
, i
mmediate Transition to end Activity mitigating sensitive

Sun Identity Manager access and risk.



How can I

get and use an XML representation of the Subject class?

toXml() method of the com.waveset.object.Subject class

Example
-

<Subject name='bobby' readOnly='true' subjectTimeout='3600000'


Value


debugging, attribute name (key)
-

value pair identification.


When is the attributes name space used?

Within the context of a
subtype='IdentityRule'

used to build the second, subsequent
, multiple

concrete Resource accountId
(s)

mapping back to the same
Sun Identity Manager

VID (virtual
identity).

<Rule subtype='Ident
ityRule' name='Training
-

Multiple Account Rule'>


<concat>


<s>adm_</s>


<ref>attributes.accountId</ref>


</concat>


How is the Resource changed when set up for multiple concrete Resource accounted(s)?


<AccountTypes>


<Map>



<MapEntry
key='admin'>



<ObjectRef type='Rule'

name='Training
-

Multiple Account Rule'/>



</MapEntry>


</Map>

</AccountTypes>


How are the multiple Resource concrete identities represented in the User Form?

Edit User, Assignments, Individual Re
source Assignment, Current Resources

Resource|admin. Note

the pipe between the Resource name and the account type.


How is the
multiple Resource concrete identit
y written the simulated Resource XML file?

<Object name='
adm_tuser
'>

note the prefix from the
IdentityRule
.


<Attribute name='attribute1' value='value1'/>


<Attribute name='password'>


<EncryptedData>56D35D2F221C8D0E:19212AE6:11CEB1A3FED:
-
7FFE|9icdoneljZw=</EncryptedData>


</Attribute>


Where can I see Assigned Resources, and Current Resourc
e Accounts to include
multiple
Resource accounts?

Edit User, Account Information
.


What is the XPRESS reference of the
multiple Resource accounts and the attributes of that
account?

<Field name='accounts[testResource|admin].attribute1'>

tuser (test user)
has a second admin account. The above XPRESS references an attribute of the
second admin account.




What are some of the relationships between link, unlink, reconciliation situations and
responses?

DELETED


Resource Account not there.

Unlink resource

account from user


FOUND


The user says the account may exist, and the resource says that the account does exist
.
Resource assigned. User is unlinked from account. Possible response
-

Link resource account to
user
.


MISSING


The user says the account

may exist, but the resource says that the account does not
exist.
No
Resource
Account, Resource Assigned

to user,
Resource unlinked from user.

Account
Index
-

Recreate Account on Resource,
Unlink resource account from user
, Recon policy
-

Create
resource

account for user


UNASSIGNED


Link resource account to user.


UNMATCHED
-

Resource account does not match any users.



What are the IdM object naming conventions?

Using a Rule as an example;

<Rule name='Menfi
-

Oleron Team'>

The name is Training
-

Olero
n Team, case sensitive, spaces count

The corresponding file name is Rule_Menfi
-
OleronTeam.xml
\

The spaces are removed, the IdM object type is the prefix.


Which file did you use when you began custom Resource Adapter development?

SimulatedResourceAdapter.j
ava


Which classpath jar files were needed for compile?

idmadapter.jar
,
idmcommon.jar


How did you compile when you began custom Resource Adapter development?

javac SimulatedResourceAdapter.java





Glossary


CBE




Configuration Build Environment

HSQLDB



Hyperthreaded Structured Query Language Database, http://hsqldb.org/

IDE




Integrated Development Environment

IdM




Identity Manager, Sun Identity Manager

J2EE




Java 2 Platform Enterprise Edition

JDK




Java Development Kit


Provision



Adds a concr
ete identity to Sun Identity Manager Resource.

De



Provision deletes a concrete identity from a Sun Identity Manager


Resource.

Re
-
provision



Changes a concrete identity on a Sun Identity M
anager Resource.


Repository



Sun Identity Manager data store


Resources



End points, targets of provisioning


Sun IdM



Sun Identity Manager


Target of provisioning


A Resource managed by Sun Identity Manager


VID




Virtual Identity









"Copyright 2008 by [Michael Ciaccio/Menfi Systems Incorporated]"