[midPoint] create approval workflow from liveSync

Pavol Mederly mederly at evolveum.com
Wed Jun 13 09:56:30 CEST 2018


Marco,

yes it is here: https://wiki.evolveum.com/display/midPoint/Scripting+Hooks

Best regards,

Pavol Mederly
Software developer
evolveum.com

On 11.06.2018 13:01, Marco Benucci wrote:
>
> Thank you Pavol,
>
> we were thinking that the reaction to the liveSync unmatched could be 
> "add user" and with an object template we could disable the newly 
> created user (and the account too) or expire the password (or even both).
>
> The approval could be about 2 request:
> 1) adding the role that grants access to that resource
> 2) enabling the user and the account
>
> If the approval were rejected, it could be possibile to delete the 
> user and the account through an hook, I suppose...
>
> I would like to give it a try.
> What about the "custom scripting hook" to create an approval?
> Is there something on the wiki that talk about this?
>
> Thank you,
> Marco
>
>
>
> On 06/11/2018 11:24 AM, Pavol Mederly wrote:
>>
>> Marco,
>>
>> this question have been discussed here a couple of times already. The 
>> answer is "currently not" - at least not in a simple way.
>>
>> The basic reason is that it is unclear how should midPoint react to 
>> rejection of the approval. A naive approach (i.e. rejection means the 
>> user would not be created) means that the same approval request would 
>> pop up on next reconciliation; or on any other occasion where 
>> midPoint learns that there's an unmatched account.
>>
>> Maybe there could be a workaround like
>>
>>  1. LiveSync would create user with the lifecycle state of Proposed.
>>  2. An approval of switching the state to Active would be (somehow)
>>     started.
>>  3. If the approval would be completed positively, the user would be
>>     activated. Otherwise it would stay in Proposed state.
>>
>> I am not quite sure how the step 2 should be implemented. It could be 
>> certainly done by a custom scripting hook. (Maybe a policy rule could 
>> be used as well but I am not sure.)
>>
>> Best regards,
>>
>> Pavol Mederly
>> Software developer
>> evolveum.com
>> On 04.06.2018 16:50, Marco Benucci wrote:
>>>
>>> Hi,
>>>
>>> would it be possible to create an approval process strarting from a 
>>> LiveSync "reaction"?
>>>
>>> For example:
>>>
>>> I'd like to create an approval workflow about the creation of a user 
>>> created by anĀ  "adduser" reaction from an "unmatched" result 
>>> discovered by liveSync looking for new accounts on a resource.
>>>
>>> Could it be possible?
>>>
>>> Thank you,
>>> Marco
>>>
>>>
>>>
>>>
>>>
>>> _______________________________________________
>>> midPoint mailing list
>>> midPoint at lists.evolveum.com
>>> http://lists.evolveum.com/mailman/listinfo/midpoint
>>
>>
>>
>> _______________________________________________
>> midPoint mailing list
>> midPoint at lists.evolveum.com
>> http://lists.evolveum.com/mailman/listinfo/midpoint
>
>
>
> _______________________________________________
> midPoint mailing list
> midPoint at lists.evolveum.com
> http://lists.evolveum.com/mailman/listinfo/midpoint

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20180613/619f6771/attachment.htm>


More information about the midPoint mailing list