[midPoint] JMS based workflow configuration

Prabhakara Rao Doddapaneni dp_rao at yahoo.com
Sat Mar 25 16:58:37 CET 2017


Thank you, Pavol!  Your explanation encourages me to go ahead and create an interface - something like a connector.  Will update you back what I could do for it once I create the code and test it.


      From: "midpoint-request at lists.evolveum.com" <midpoint-request at lists.evolveum.com>
 To: midpoint at lists.evolveum.com 
 Sent: Tuesday, March 21, 2017 6:16 AM
 Subject: midPoint Digest, Vol 59, Issue 119
   
Today's Topics:

  1. Re: JMS based workflow configuration (Pavol Mederly)
  2. Re: org approver usage in workflow (Pavol Mederly)


----------------------------------------------------------------------

Message: 1
Date: Tue, 21 Mar 2017 10:57:01 +0100
From: Pavol Mederly <mederly at evolveum.com>
To: midpoint at lists.evolveum.com
Subject: Re: [midPoint] JMS based workflow configuration
Message-ID: <35645462-bac3-c498-b382-d3ac61484643 at evolveum.com>
Content-Type: text/plain; charset="utf-8"; Format="flowed"

Hello,

actually, some years ago, when we started to implement midPoint at the 
largest Slovak university, we came across the same situation. Systems at 
that university exchanged identity information primarily by JMS. I've 
even hacked a code into midPoint that used Apache Camel to listen on JMS 
destinations and processed incoming messages.

But the solution was not well-thought, so I erased the code. We 
eventually went by using SQL connector to read data synchronously from a 
database table.

During all the time I came across similar requirements once more; for 
another European customer. And now, thinking about it again, I think 
this could be doable.

Technically, instead of using synchronize() method which fetches changes 
from resource and feeds them to notifyChange() method, we would simply 
pull changes from JMS queue/topic and feed them to notifyChange().

This is the live sync part. However, besides that, a reconciliation 
would need to be implemented somehow. E.g. by fetching a big CSV file 
and processing it using traditional approach.

Overall, the live sync part presents a bit of technical work, but 
architecturally it would fit. So maybe a few MDs of work. You could 
perhaps even do it yourself (notifyChange is part of a public midPoint API).

Hope this helps,

Pavol Mederly
Software developer
evolveum.com

On 20.03.2017 16:29, Prabhakara Rao Doddapaneni wrote:
> Is this something new I am trying to do with midPoint?
>
>
> Date: Mon, 6 Mar 2017 19:30:26 +0000 (UTC)
> From: Prabhakara Rao Doddapaneni <dp_rao at yahoo.com 
> <mailto:dp_rao at yahoo.com>>
> To: "midpoint at lists.evolveum.com <mailto:midpoint at lists.evolveum.com>" 
> <midpoint at lists.evolveum.com <mailto:midpoint at lists.evolveum.com>>
> Subject: [midPoint] JMS based workflow configuration
> Message-ID: <1001644321.2237664.1488828626312 at mail.yahoo.com 
> <mailto:1001644321.2237664.1488828626312 at mail.yahoo.com>>
> Content-Type: text/plain; charset="utf-8"
>
> One of my resources cannot be configured to respond to sync poll.  I 
> plan to send a message in JMS Q so that midpoint can listen to that 
> message and reconcile/add the user into repository.  What is the ideal 
> solution to achieve this?  Has anybody come across this situation?
> Thanks, Prabhakar.
>
>
>
>
> _______________________________________________
> midPoint mailing list
> midPoint at lists.evolveum.com
> http://lists.evolveum.com/mailman/listinfo/midpoint


------------------------------

Message: 2
Date: Tue, 21 Mar 2017 11:11:52 +0100
From: Pavol Mederly <mederly at evolveum.com>
To: midpoint at lists.evolveum.com
Subject: Re: [midPoint] org approver usage in workflow
Message-ID: <cfbe1da4-cd03-a343-db56-25dbfc65315d at evolveum.com>
Content-Type: text/plain; charset="utf-8"; Format="flowed"

Hello Oskar,

currently I can think of only two solutions:

 1. using approverExpression, as you mentioned;
 2. using global policy rules.

Each global policy rule has two selectors that drive its application: 
focusSelector and targetSelector. In your case, targetSelector should 
point to the role(s) that have to be approved. And focusSelector should 
point to the user(s) to which the role is to be assigned. One of 
possibilities how to select objects is using organization membership, so 
this is applicable to your situation.

The disadvantage of using global policy rules is that you have to use 
one such rule for each approver. And you have to duplicate the approval 
action information (or use some advanced composition techniques to mix 
"bare" approval action information containing only the approverRef with 
all the common settings that would come through another assignment 
policy rule).

But, overall, your use case of defining an approver for requester's org 
membership is interesting. You might create a jira for that. However, in 
the current rush it is not very likely we'd be able to implement it in 3.6.

Best regards,

Pavol Mederly
Software developer
evolveum.com

On 20.03.2017 15:53, Oskar Butovič - AMI Praha a.s. wrote:
> Hello everybody,
>
> I need to define approver for role by org structure.
>
> Users from each organization subtree have different approver for same 
> role.
>
> Can it be done by org:approver? Following configuration ignores 
> organization membership of user which requests approved role.
>
> I have assignment on my approver:
> <assignment id="3">
>     <metadata>
>         <requestTimestamp>2017-03-20T14:38:40.330+01:00</requestTimestamp>
>         <requestorRef oid="00000000-0000-0000-0000-000000000002" type="c:UserType"><!--  --></requestorRef>
>         <createTimestamp>2017-03-20T14:38:41.434+01:00</createTimestamp>
>         <creatorRef oid="00000000-0000-0000-0000-000000000002" type="c:UserType"><!--  --></creatorRef>
>         <createChannel>http://midpoint.evolveum.com/xml/ns/public/gui/channels-3#user</createChannel>
>     </metadata>
>     <targetRef xmlns:org="http://midpoint.evolveum.com/xml/ns/public/common/org-3"
>                oid="e19d0f9f-7c57-4597-94a1-6e1de6676db9"
>                relation="org:approver"
>                type="c:RoleType"><!--  --></targetRef>
>     <activation>
>         <effectiveStatus>enabled</effectiveStatus>
>     </activation>
>     <orgRef oid="daf3c536-817f-460a-b2b4-a243e3ac8db5" type="c:OrgType"><!--  --></orgRef>
> </assignment>
> ------------------------------------------------------------------------------------------------
>
> Next I have configured metarole and assigned it to role 
> e19d0f9f-7c57-4597-94a1-6e1de6676db9. Metarole:
> <role xmlns:apti="http://midpoint.evolveum.com/xml/ns/public/common/api-types-3"
>       xmlns:c="http://midpoint.evolveum.com/xml/ns/public/common/common-3"
>       xmlns:gen45="http://prism.evolveum.com/xml/ns/public/debug"
>       xmlns:icfs="http://midpoint.evolveum.com/xml/ns/public/connector/icf-1/resource-schema-3"
>       xmlns:q="http://prism.evolveum.com/xml/ns/public/query-3"
>       xmlns:ri="http://midpoint.evolveum.com/xml/ns/public/resource/instance-3"
>       xmlns:t="http://prism.evolveum.com/xml/ns/public/types-3"
>       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
>       oid="org-approver-approved-meta-role" version="10"
>       xmlns="http://midpoint.evolveum.com/xml/ns/public/common/common-3">
>     <name>Org Approver Approved Role</name>
>     <inducement>
>         <policyRule>
>             <policyConstraints>
>                 <assignment/>
>             </policyConstraints>
>             <policyActions>
>                 <approval>
>                     <compositionStrategy>
>                         <order>40</order>
>                     </compositionStrategy>
>                     <approvalSchema>
>                         <level>
>                             <name>Org Approvers</name>
>                             <approverRelation>approver</approverRelation>
>                             <evaluationStrategy>firstDecides</evaluationStrategy>
>                         </level>
>                     </approvalSchema>
>                 </approval>
>             </policyActions>
>         </policyRule>
>     </inducement>
> </role>
> ------------------------------------------------------------------------------------------------
>
> This seems to ignore orgRef in assignment. When I try 
> <approverRelation>org:approver</approverRelation> midpoint thinks that 
> org: is namespace prefix. (Undeclared namespace prefix 'org' in 
> 'org:approver'). Is there any configurational way around or do I have 
> to make approverExpression script?
>
>
> Best Regards
>
> Oskar Butovič
>
> -- 
>
> Oskar Butovič
> solution architect
>
> gsm: [+420] 774 480 101
> e-mail: oskar.butovic at ami.cz <mailto:oskar.butovic at ami.cz>
>
>             
>
> AMI Praha a.s.
> Pláničkova 11
> 162 00 Praha 6
> tel.: [+420] 274 783 239
> web: www.ami.cz <http://www.ami.cz/>
>
> By the text of this e-mail, the signatory neither promises to conclude 
> nor concludes any contract on behalf of AMI Praha a.s. Any contract, 
> if concluded, must be exclusively in written form.
>
>
>


------------------------------

------------------------------

End of midPoint Digest, Vol 59, Issue 119
*****************************************
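
The global-policy-rule approach from Message 2 above, sketched as an added example that is not part of the original thread and not Evolveum's own configuration: one rule per approver, with focusSelector picking the requesting users by organization membership and targetSelector picking the role. The role and first organization OIDs are the ones quoted in the thread; the rule names, the approver OIDs, the second organization OID, the use of an inOid filter and the placement inside systemConfiguration are assumptions to check against your midPoint version's schema.

```xml
<!-- Added illustration; goes inside the systemConfiguration object (assumed placement). -->
<!-- Prefixes c: and q: are declared as in the role definition quoted in the thread. -->

<!-- Rule 1: requests for the role by members of the first organization go to approver A. -->
<globalPolicyRule>
    <name>role-approval-org-A</name> <!-- hypothetical rule name -->
    <policyConstraints>
        <assignment/>
    </policyConstraints>
    <policyActions>
        <approval>
            <approverRef oid="PLACEHOLDER-APPROVER-A-OID" type="c:UserType"/>
        </approval>
    </policyActions>
    <focusSelector>
        <type>c:UserType</type>
        <orgRef oid="daf3c536-817f-460a-b2b4-a243e3ac8db5"/>
    </focusSelector>
    <targetSelector>
        <type>c:RoleType</type>
        <filter>
            <q:inOid><q:value>e19d0f9f-7c57-4597-94a1-6e1de6676db9</q:value></q:inOid>
        </filter>
    </targetSelector>
</globalPolicyRule>

<!-- Rule 2: same role, second organization, different approver (the per-approver duplication). -->
<globalPolicyRule>
    <name>role-approval-org-B</name> <!-- hypothetical rule name -->
    <policyConstraints>
        <assignment/>
    </policyConstraints>
    <policyActions>
        <approval>
            <approverRef oid="PLACEHOLDER-APPROVER-B-OID" type="c:UserType"/>
        </approval>
    </policyActions>
    <focusSelector>
        <type>c:UserType</type>
        <orgRef oid="PLACEHOLDER-ORG-B-OID"/>
    </focusSelector>
    <targetSelector>
        <type>c:RoleType</type>
        <filter>
            <q:inOid><q:value>e19d0f9f-7c57-4597-94a1-6e1de6676db9</q:value></q:inOid>
        </filter>
    </targetSelector>
</globalPolicyRule>
```

A user who matches neither focusSelector gets no approval step from these rules, so review the set of rules for coverage whenever an organization is added.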


   