[midPoint] Invoke workflow during attribute changing

Roman Pudil - AMI Praha a.s. roman.pudil at ami.cz
Tue Feb 23 14:40:52 CET 2016 

Hi Pavol,
first thing - thanks for very very quick answer! :-)
Yes, You understand it correctly. LoginName in authoritative app is not 
necessary, its only one of possibilities - see later.
I have two ideas - see scenarios:
First choice - login is in authoritative app:
1) user is Jana Novakova, login name jana.novakova is in authoritative 
app, in midPoint and in all other apps.
2) user change last name to Svobodova; loginname in authoritative app is 
changed to jana.svobodova, midPoint invokes workflow "changing 
loginname" to jana.svobodova, nothing changes in all other apps
3) workflow is approved, loginName is changed in all others apps.
Second choice - login is not in authoritative app, login generates in 
midPoint:
1) user is Jana Novakova, login name jana.novakova is in midPoint and in 
all other apps.
2) user change last name to Svobodova; last name in midPoint is changed 
to Svobodova, midPoint invokes workflow "changing loginname" to 
jana.svobodova, nothing changes in all other apps
3) workflow is approved, loginName is changed in all others apps.

Simpler solution is better solution... :-)

Regards!
Thanks!

Roman Pudil
solution architect

gsm: [+420] 775 663 666
e-mail: roman.pudil at ami.cz


AMI Praha a.s.
Pláničkova 11
162 00 Praha 6
tel./fax: [+420] 274 783 239
web: www.ami.cz





Textem tohoto e-mailu podepisující neslibuje uzavřít ani neuzavírá za 
společnost AMI Praha a.s.
jakoukoliv smlouvu. Každá smlouva, pokud bude uzavřena, musí mít 
výhradně písemnou formu.



------ Původní zpráva ------
Od: "Pavol Mederly" <mederly at evolveum.com>
Komu: midpoint at lists.evolveum.com
Odesláno: 23.2.2016 14:11:29
Předmět: Re: [midPoint] Invoke workflow during attribute changing

>Hello Roman.
>
>Current implementation of workflows is aimed towards approving so 
>called primary changes - i.e. changes explicitly requested by user (via 
>GUI) or external application (via SOAP, REST or Java API). We could 
>potentially deal also with changes coming from resources, but it is a 
>bit more tricky.
>
>Before trying to answer your question I'd need to understand it more 
>deeply. So, you have an authoritative resource. When a login name 
>changes on that resource for an account, currently this change is 
>propagated to other resources. And you'd like to be able to control 
>this process: i.e. either allow or disallow the change on connected 
>resources.
>
>My questions are:
>
>1) Do I understand it correctly?
>
>2) Is the allow/reject decision of "all or nothing" nature, i.e. is the 
>login name change either allowed on all resources, or rejected for all 
>resources? Or you'd like to be able to say: "allow change on resources 
>1, 2, 3 but not on resources 4, 5, 6" ?
>
>3) What about reconciliations? Imagine that you rejected a change 
>today. But (let's say) tonight there will be another reconciliation and 
>the change would pop up again. The workflow would be started again, and 
>again it should be either allowed and rejected. And so on, and so on - 
>each time when the reconciliation would be run. What to do with this?
>
>Best regards,
>Pavol
>
>On 23.02.2016 13:58, Roman Pudil - AMI Praha a.s. wrote:
>>Hi all,
>>how to invoke workflow when changing some identity attribute?
>>I want invoke workflow in midPoint, during loginname in authoritative 
>>resource changing. I don't want to change loginname automaitcally in 
>>all connected resources. I want to control it.
>>
>>Thanks!
>>
>>Regards
>>
>>Roman Pudil
>>solution architect
>>
>>gsm: [+420] 775 663 666
>>e-mail: roman.pudil at ami.cz
>>
>>
>>AMI Praha a.s.
>>Pláničkova 11
>>162 00 Praha 6
>>tel./fax: [+420] 274 783 239
>>web: www.ami.cz
>>
>>
>>
>>
>>
>>Textem tohoto e-mailu podepisující neslibuje uzavřít ani neuzavírá za 
>>společnost AMI Praha a.s.
>>jakoukoliv smlouvu. Každá smlouva, pokud bude uzavřena, musí mít 
>>výhradně písemnou formu.
>>
>>
>>
>>_______________________________________________ midPoint mailing list 
>>midPoint at lists.evolveum.comhttp://lists.evolveum.com/mailman/listinfo/midpoint
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20160223/5d5fa603/attachment.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 4060 bytes
Desc: not available
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20160223/5d5fa603/attachment.bin>

More information about the midPoint mailing list