<html>
<head>
<meta content="text/html; charset=utf-8" http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
Yes. That was an attempt to show an example how 'attribute changing
aspect' could look like.<br>
The GUI should be somehow hackable through QuestionForm and related
prism objects, but it is quite ugly. (That's why I'm reworking it
now.)<br>
<br>
Hopefully 3.4 would be either released or at least working well
enough to be used when deployment is due. :)<br>
<br>
Best regards,<br>
Pavol<br>
<br>
<div class="moz-cite-prefix">On 23.02.2016 15:58, Roman Pudil - AMI
Praha a.s. wrote:<br>
</div>
<blockquote
cite="mid:ema2a5c101-7d1a-4ab5-80e4-37a578cef14e@rpudil-dell7440"
type="cite">
<style id="eMClientCss">blockquote.cite { margin-left: 5px; margin-right: 0px; padding-left: 10px; padding-right:0px; border-left: 1px solid #cccccc }
blockquote.cite2 {margin-left: 5px; margin-right: 0px; padding-left: 10px; padding-right:0px; border-left: 1px solid #cccccc; margin-top: 3px; padding-top: 0px; }
.plain pre, .plain tt { font-family: monospace; font-size: 100%; font-weight: normal; font-style: normal;}
a img { border: 0px; }body {font-family: Tahoma;font-size: 12pt;}
.plain pre, .plain tt {font-family: Tahoma;font-size: 12pt;}
<![CDATA[BLOCKQUOTE.cite2 {
MARGIN-TOP: 3px; PADDING-TOP: 0px; PADDING-LEFT: 10px; MARGIN-LEFT: 5px; BORDER-LEFT: #cccccc 1px solid; PADDING-RIGHT: 0px; MARGIN-RIGHT: 0px
}
.plain PRE {
FONT-SIZE: 100%; FONT-FAMILY: monospace; FONT-WEIGHT: normal; FONT-STYLE: normal
}
.plain TT {
FONT-SIZE: 100%; FONT-FAMILY: monospace; FONT-WEIGHT: normal; FONT-STYLE: normal
}
A IMG {
BORDER-TOP: 0px; BORDER-RIGHT: 0px; BORDER-BOTTOM: 0px; BORDER-LEFT: 0px
}
#x1af43c66bde24f3596443c2267f6ce98 {
FONT-SIZE: 12pt; FONT-FAMILY: Tahoma
}
#x5092e65317d44284bcc3d19ee8fc52eb {
FONT-SIZE: 12pt; FONT-FAMILY: Tahoma
}
.plain PRE {
FONT-SIZE: 12pt; FONT-FAMILY: Tahoma
}
.plain TT {
FONT-SIZE: 12pt; FONT-FAMILY: Tahoma
}
BODY {
FONT-SIZE: 12pt; FONT-FAMILY: Tahoma
}
#x5092e65317d44284bcc3d19ee8fc52eb BLOCKQUOTE.cite {
PADDING-LEFT: 10px; MARGIN-LEFT: 5px; BORDER-LEFT: #cccccc 1px solid; PADDING-RIGHT: 0px; MARGIN-RIGHT: 0px
}
]]></style>
<style>#x6442b05c4cb6479a8ea4ee9a7054051a .plain PRE, #x6442b05c4cb6479a8ea4ee9a7054051a .plain TT
{FONT-SIZE: 100%; FONT-FAMILY: monospace; FONT-WEIGHT: normal; FONT-STYLE: normal}
#x6442b05c4cb6479a8ea4ee9a7054051a A IMG
{BORDER-TOP: 0px; BORDER-RIGHT: 0px; BORDER-BOTTOM: 0px; BORDER-LEFT: 0px}
#x6442b05c4cb6479a8ea4ee9a7054051a #x1af43c66bde24f3596443c2267f6ce98, #x6442b05c4cb6479a8ea4ee9a7054051a .plain PRE, #x6442b05c4cb6479a8ea4ee9a7054051a .plain TT, #x6442b05c4cb6479a8ea4ee9a7054051a
{FONT-SIZE: 12pt; FONT-FAMILY: Tahoma}
#x6442b05c4cb6479a8ea4ee9a7054051a #x1af43c66bde24f3596443c2267f6ce98 .plain PRE, #x6442b05c4cb6479a8ea4ee9a7054051a #x1af43c66bde24f3596443c2267f6ce98 .plain TT
{FONT-SIZE: 100%; FONT-FAMILY: monospace; FONT-WEIGHT: normal; FONT-STYLE: normal}
#x6442b05c4cb6479a8ea4ee9a7054051a #x1af43c66bde24f3596443c2267f6ce98 A IMG
{BORDER-TOP: 0px; BORDER-RIGHT: 0px; BORDER-BOTTOM: 0px; BORDER-LEFT: 0px}
#x6442b05c4cb6479a8ea4ee9a7054051a #x1af43c66bde24f3596443c2267f6ce98, #x6442b05c4cb6479a8ea4ee9a7054051a #x1af43c66bde24f3596443c2267f6ce98 .plain PRE, #x6442b05c4cb6479a8ea4ee9a7054051a #x1af43c66bde24f3596443c2267f6ce98 .plain TT
{FONT-SIZE: 12pt; FONT-FAMILY: Tahoma}
</style>
<div>Hi Pavol,</div>
<div>thanks!</div>
<div> </div>
<div>I tried ChangePassword Aspect (published somewhere in
examples), it is very close to changing aspect. Creating
workflow works fine, but it seems, that other steps - code
around approval GUI - are missing.</div>
<div> </div>
<div>Now I analyze processes for customer, the planned deployment
is around 2 months.</div>
<div> </div>
<div>Tahks!</div>
<div>Regards</div>
<div> </div>
<div id="signature_old">
<div style="FONT-SIZE: 12pt; FONT-FAMILY: Tahoma">
<table style="WHITE-SPACE: normal; WORD-SPACING: 0px;
BORDER-COLLAPSE: collapse; TEXT-TRANSFORM: none; COLOR:
rgb(0,0,0); FONT: medium 'Times New Roman'; WIDOWS: 1;
LETTER-SPACING: normal; TEXT-INDENT: 0px;
-webkit-text-stroke-width: 0px">
<tbody>
<tr>
<td style="FONT-SIZE: 11px; FONT-FAMILY: Arial,
sans-serif; VERTICAL-ALIGN: bottom; COLOR: rgb(0,0,0)"
colspan="2">
<p><span style="FONT-SIZE: 14px; FONT-WEIGHT: bold">Roman
Pudil</span><br>
solution architect<br>
<br>
gsm: [+420] 775 663 666<br>
e-mail:<span class="Apple-converted-space"> </span><a
moz-do-not-send="true"
href="mailto:roman.pudil@ami.cz"><a class="moz-txt-link-abbreviated" href="mailto:roman.pudil@ami.cz">roman.pudil@ami.cz</a></a></p>
</td>
<td style="BORDER-RIGHT: rgb(204,204,204) 1px solid"> </td>
<td> </td>
<td style="FONT-SIZE: 11px; FONT-FAMILY: Arial,
sans-serif; VERTICAL-ALIGN: bottom; COLOR: rgb(0,0,0)">
<p>AMI Praha a.s.<br>
Pláničkova 11<br>
162 00 Praha 6<br>
tel./fax: [+420] 274 783 239<br>
web:<span class="Apple-converted-space"> </span><a
moz-do-not-send="true" href="http://www.ami.cz/"><a class="moz-txt-link-abbreviated" href="http://www.ami.cz">www.ami.cz</a></a></p>
</td>
<td style="BORDER-RIGHT: rgb(204,204,204) 1px solid"> </td>
<td> </td>
<td style="FONT-SIZE: 11px; FONT-FAMILY: Arial,
sans-serif; COLOR: rgb(0,0,0)">
<p><img moz-do-not-send="true" title="AMI Praha a.s."
alt=""
src="http://www.ami.cz/images/podpis/ami_logo.gif"
border="0"></p>
</td>
</tr>
<tr>
<td colspan="8"><br>
<a moz-do-not-send="true"
href="http://www.ami.cz/reseni-a-sluzby/bezpecnost-dat/identity-management"><img
moz-do-not-send="true" alt=""
src="http://www.ami.cz/images/podpis/AMI-podpis-IdM_1.png"
border="0"></a></td>
</tr>
<tr>
<td style="FONT-SIZE: 11px; FONT-FAMILY: Arial,
sans-serif; COLOR: rgb(128,128,128)" colspan="8"><br>
Textem tohoto e-mailu podepisující neslibuje uzavřít
ani neuzavírá za společnost AMI Praha a.s.<br>
jakoukoliv smlouvu. Každá smlouva, pokud bude
uzavřena, musí mít výhradně písemnou formu.</td>
</tr>
</tbody>
</table>
</div>
</div>
<div> </div>
<div> </div>
<div> </div>
<div>------ Původní zpráva ------</div>
<div>Od: "Pavol Mederly" <<a moz-do-not-send="true"
href="mailto:mederly@evolveum.com">mederly@evolveum.com</a>></div>
<div>Komu: <a moz-do-not-send="true"
href="mailto:midpoint@lists.evolveum.com">midpoint@lists.evolveum.com</a></div>
<div>Odesláno: 23.2.2016 14:52:17</div>
<div>Předmět: Re: [midPoint] Invoke workflow during attribute
changing</div>
<div> </div>
<div id="x6442b05c4cb6479a8ea4ee9a7054051a" style="COLOR: #000000">
<blockquote class="cite2" cite="56CC6411.1050104@evolveum.com"
type="cite">From the point of workflow module, the second
option is much easier to implement. The only thing to do is to
create so called "change aspect" - a piece of code that
detects that the login name attribute is to be changed.
Currently we have a lot of ready-made "change aspects" for
detecting assignment creation/modification, object creation
etc. (see <a moz-do-not-send="true"
class="moz-txt-link-freetext"
href="https://wiki.evolveum.com/display/midPoint/Workflow+configuration">https://wiki.evolveum.com/display/midPoint/Workflow+configuration</a>)
but this one is not there yet.<br>
<br>
Workflow module is designed so that customers/partners can add
their own change aspects, so it would not be a big problem.<br>
<br>
However, as currently I'm reworking GUI for approvals anyway,
I can implement also this change aspect. I think it's
generally useful (when made configurable e.g. to choose what
are the 'critical' attributes to watch), and quite easy to do.
<br>
<br>
In what time frame do you need this feature? It should be part
of 3.4, to be out this spring.<br>
<br>
Best regards,<br>
Pavol<br>
<br>
<br>
<div class="moz-cite-prefix">On 23.02.2016 14:40, Roman Pudil
- AMI Praha a.s. wrote:<br>
</div>
<blockquote class="cite"
cite="mid:emf2846bcb-45e5-4896-a8db-16a3eb81d80b@rpudil-dell7440"
type="cite">
<style><![CDATA[#x1af43c66bde24f3596443c2267f6ce98 BLOCKQUOTE.cite2
{MARGIN-TOP: 3px; PADDING-TOP: 0px; PADDING-LEFT: 10px; MARGIN-LEFT: 5px; BORDER-LEFT: #cccccc 1px solid; PADDING-RIGHT: 0px; MARGIN-RIGHT: 0px}
#x1af43c66bde24f3596443c2267f6ce98 .plain PRE, #x1af43c66bde24f3596443c2267f6ce98 .plain TT
{FONT-SIZE: 100%; FONT-FAMILY: monospace; FONT-WEIGHT: normal; FONT-STYLE: normal}
#x1af43c66bde24f3596443c2267f6ce98 A IMG
{BORDER-TOP: 0px; BORDER-RIGHT: 0px; BORDER-BOTTOM: 0px; BORDER-LEFT: 0px}
#x1af43c66bde24f3596443c2267f6ce98 .plain PRE, #x1af43c66bde24f3596443c2267f6ce98 .plain TT, #x1af43c66bde24f3596443c2267f6ce98
{FONT-SIZE: 12pt; FONT-FAMILY: Tahoma}
]]></style>
<div>Hi Pavol,<br>
first thing - thanks for very very quick answer! :-)<br>
Yes, You understand it correctly. LoginName in
authoritative app is not necessary, its only one of
possibilities - see later.<br>
</div>
<div>I have two ideas - see scenarios:<br>
</div>
<div>First choice - login is in authoritative app:<br>
1) user is Jana Novakova, login name jana.novakova is in
authoritative app, in midPoint and in all other apps.<br>
2) user change last name to Svobodova; loginname in
authoritative app is changed to jana.svobodova, midPoint
invokes workflow "changing loginname" to jana.svobodova,
nothing changes in all other apps<br>
3) workflow is approved, loginName is changed in all
others apps.<br>
</div>
<div>Second choice - login is not in authoritative app,
login generates in midPoint:<br>
1) user is Jana Novakova, login name jana.novakova is in
midPoint and in all other apps.<br>
2) user change last name to Svobodova; last name in
midPoint is changed to Svobodova, midPoint invokes
workflow "changing loginname" to jana.svobodova, nothing
changes in all other apps<br>
3) workflow is approved, loginName is changed in all
others apps.</div>
<div> </div>
<div><span id="xcb69f933c1634f79993670e28a63cb28"
style="BACKGROUND-COLOR: #ffffff"></span></div>
<div>Simpler solution is better solution... :-)</div>
<div> </div>
<div>Regards!</div>
<div>Thanks!</div>
<div> </div>
<div id="signature_old">
<div style="FONT-SIZE: 12pt; FONT-FAMILY: Tahoma">
<table style="WHITE-SPACE: normal; WORD-SPACING: 0px;
BORDER-COLLAPSE: collapse; TEXT-TRANSFORM: none;
COLOR: rgb(0,0,0); FONT: medium 'Times New Roman';
WIDOWS: 1; LETTER-SPACING: normal; TEXT-INDENT: 0px;
-webkit-text-stroke-width: 0px">
<tbody>
<tr>
<td style="FONT-SIZE: 11px; FONT-FAMILY: Arial,
sans-serif; VERTICAL-ALIGN: bottom; COLOR:
rgb(0,0,0)" colspan="2">
<p><span style="FONT-SIZE: 14px; FONT-WEIGHT:
bold">Roman Pudil</span><br>
solution architect<br>
<br>
gsm: [+420] 775 663 666<br>
e-mail:<span class="Apple-converted-space"> </span><a
moz-do-not-send="true"
class="moz-txt-link-abbreviated"
href="mailto:roman.pudil@ami.cz"><a class="moz-txt-link-abbreviated" href="mailto:roman.pudil@ami.cz">roman.pudil@ami.cz</a></a></p>
</td>
<td style="BORDER-RIGHT: rgb(204,204,204) 1px
solid"> </td>
<td> </td>
<td style="FONT-SIZE: 11px; FONT-FAMILY: Arial,
sans-serif; VERTICAL-ALIGN: bottom; COLOR:
rgb(0,0,0)">
<p>AMI Praha a.s.<br>
Pláničkova 11<br>
162 00 Praha 6<br>
tel./fax: [+420] 274 783 239<br>
web:<span class="Apple-converted-space"> </span><a
moz-do-not-send="true"
class="moz-txt-link-abbreviated"
href="http://www.ami.cz/"><a class="moz-txt-link-abbreviated" href="http://www.ami.cz">www.ami.cz</a></a></p>
</td>
<td style="BORDER-RIGHT: rgb(204,204,204) 1px
solid"> </td>
<td> </td>
<td style="FONT-SIZE: 11px; FONT-FAMILY: Arial,
sans-serif; COLOR: rgb(0,0,0)">
<p><img title="AMI Praha a.s." alt=""
src="http://www.ami.cz/images/podpis/ami_logo.gif"
moz-do-not-send="true" border="0"></p>
</td>
</tr>
<tr>
<td colspan="8"><br>
<a
href="http://www.ami.cz/reseni-a-sluzby/bezpecnost-dat/identity-management"
moz-do-not-send="true"><img alt=""
src="http://www.ami.cz/images/podpis/AMI-podpis-IdM_1.png"
moz-do-not-send="true" border="0"></a></td>
</tr>
<tr>
<td style="FONT-SIZE: 11px; FONT-FAMILY: Arial,
sans-serif; COLOR: rgb(128,128,128)" colspan="8"><br>
Textem tohoto e-mailu podepisující neslibuje
uzavřít ani neuzavírá za společnost AMI Praha
a.s.<br>
jakoukoliv smlouvu. Každá smlouva, pokud bude
uzavřena, musí mít výhradně písemnou formu.</td>
</tr>
</tbody>
</table>
</div>
</div>
<div> </div>
<div> </div>
<div> </div>
<div>------ Původní zpráva ------</div>
<div>Od: "Pavol Mederly" <<a
href="mailto:mederly@evolveum.com"
moz-do-not-send="true"><a class="moz-txt-link-abbreviated" href="mailto:mederly@evolveum.com">mederly@evolveum.com</a></a>></div>
<div>Komu: <a href="mailto:midpoint@lists.evolveum.com"
moz-do-not-send="true">midpoint@lists.evolveum.com</a></div>
<div>Odesláno: 23.2.2016 14:11:29</div>
<div>Předmět: Re: [midPoint] Invoke workflow during
attribute changing</div>
<div> </div>
<div id="x1af43c66bde24f3596443c2267f6ce98" style="COLOR:
#000000">
<blockquote class="cite2"
cite="56CC5A81.9080508@evolveum.com" type="cite">Hello
Roman.<br>
<br>
Current implementation of workflows is aimed towards
approving so called primary changes - i.e. changes
explicitly requested by user (via GUI) or external
application (via SOAP, REST or Java API). We could
potentially deal also with changes coming from
resources, but it is a bit more tricky.<br>
<br>
Before trying to answer your question I'd need to
understand it more deeply. So, you have an authoritative
resource. When a login name changes on that resource for
an account, currently this change is propagated to other
resources. And you'd like to be able to control this
process: i.e. either allow or disallow the change on
connected resources.<br>
<br>
My questions are:<br>
<br>
1) Do I understand it correctly?<br>
<br>
2) Is the allow/reject decision of "all or nothing"
nature, i.e. is the login name change either allowed on
all resources, or rejected for all resources? Or you'd
like to be able to say: "allow change on resources 1, 2,
3 but not on resources 4, 5, 6" ?<br>
<br>
3) What about reconciliations? Imagine that you rejected
a change today. But (let's say) tonight there will be
another reconciliation and the change would pop up
again. The workflow would be started again, and again it
should be either allowed and rejected. And so on, and so
on - each time when the reconciliation would be run.
What to do with this?<br>
<br>
Best regards,<br>
Pavol<br>
<br>
<div class="moz-cite-prefix">On 23.02.2016 13:58, Roman
Pudil - AMI Praha a.s. wrote:<br>
</div>
<blockquote class="cite"
cite="mid:em2d673800-bca0-4d93-b3a6-436782bbde41@rpudil-dell7440"
type="cite">
<div>Hi all,</div>
<div>how to invoke workflow when changing some
identity attribute?</div>
<div>I want invoke workflow in midPoint, during
loginname in authoritative resource changing. I
don't want to change loginname automaitcally in all
connected resources. I want to control it.</div>
<div> </div>
<div>Thanks!</div>
<div> </div>
<div>Regards</div>
<div> </div>
<div id="signature_old">
<div style="FONT-SIZE: 12pt; FONT-FAMILY: Tahoma">
<table style="WHITE-SPACE: normal; WORD-SPACING:
0px; BORDER-COLLAPSE: collapse; TEXT-TRANSFORM:
none; COLOR: rgb(0,0,0); FONT: medium 'Times New
Roman'; WIDOWS: 1; LETTER-SPACING: normal;
TEXT-INDENT: 0px; -webkit-text-stroke-width:
0px">
<tbody>
<tr>
<td style="FONT-SIZE: 11px; FONT-FAMILY:
Arial,
sans-serif; VERTICAL-ALIGN: bottom;
COLOR: rgb(0,0,0)" colspan="2">
<p><span style="FONT-SIZE: 14px;
FONT-WEIGHT: bold">Roman Pudil</span><br>
solution architect<br>
<br>
gsm: [+420] 775 663 666<br>
e-mail:<span
class="Apple-converted-space"> </span><a
moz-do-not-send="true"
class="moz-txt-link-abbreviated"
href="mailto:roman.pudil@ami.cz"><a class="moz-txt-link-abbreviated" href="mailto:roman.pudil@ami.cz">roman.pudil@ami.cz</a></a></p>
</td>
<td style="BORDER-RIGHT: rgb(204,204,204)
1px solid"> </td>
<td> </td>
<td style="FONT-SIZE: 11px; FONT-FAMILY:
Arial,
sans-serif; VERTICAL-ALIGN: bottom;
COLOR: rgb(0,0,0)">
<p>AMI Praha a.s.<br>
Pláničkova 11<br>
162 00 Praha 6<br>
tel./fax: [+420] 274 783 239<br>
web:<span class="Apple-converted-space"> </span><a
moz-do-not-send="true"
class="moz-txt-link-abbreviated"
href="http://www.ami.cz/"><a class="moz-txt-link-abbreviated" href="http://www.ami.cz">www.ami.cz</a></a></p>
</td>
<td style="BORDER-RIGHT: rgb(204,204,204)
1px solid"> </td>
<td> </td>
<td style="FONT-SIZE: 11px; FONT-FAMILY:
Arial,
sans-serif; COLOR: rgb(0,0,0)">
<p><img title="AMI Praha a.s." alt=""
src="http://www.ami.cz/images/podpis/ami_logo.gif"
moz-do-not-send="true" border="0"></p>
</td>
</tr>
<tr>
<td colspan="8"><br>
<a
href="http://www.ami.cz/reseni-a-sluzby/bezpecnost-dat/identity-management"
moz-do-not-send="true"><img alt=""
src="http://www.ami.cz/images/podpis/AMI-podpis-IdM_1.png"
moz-do-not-send="true" border="0"></a></td>
</tr>
<tr>
<td style="FONT-SIZE: 11px; FONT-FAMILY:
Arial,
sans-serif; COLOR: rgb(128,128,128)"
colspan="8"><br>
Textem tohoto e-mailu podepisující
neslibuje uzavřít ani neuzavírá za
společnost AMI Praha a.s.<br>
jakoukoliv smlouvu. Každá smlouva, pokud
bude uzavřena, musí mít výhradně písemnou
formu.</td>
</tr>
</tbody>
</table>
</div>
</div>
<div> </div>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
<pre wrap="">_______________________________________________
midPoint mailing list
<a class="moz-txt-link-abbreviated" href="mailto:midPoint@lists.evolveum.com" moz-do-not-send="true">midPoint@lists.evolveum.com</a>
<a class="moz-txt-link-freetext" href="http://lists.evolveum.com/mailman/listinfo/midpoint" moz-do-not-send="true">http://lists.evolveum.com/mailman/listinfo/midpoint</a>
</pre>
</blockquote>
<br>
</blockquote>
</div>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
<pre wrap="">_______________________________________________
midPoint mailing list
<a moz-do-not-send="true" class="moz-txt-link-abbreviated" href="mailto:midPoint@lists.evolveum.com">midPoint@lists.evolveum.com</a>
<a moz-do-not-send="true" class="moz-txt-link-freetext" href="http://lists.evolveum.com/mailman/listinfo/midpoint">http://lists.evolveum.com/mailman/listinfo/midpoint</a>
</pre>
</blockquote>
<br>
</blockquote>
</div>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
<pre wrap="">_______________________________________________
midPoint mailing list
<a class="moz-txt-link-abbreviated" href="mailto:midPoint@lists.evolveum.com">midPoint@lists.evolveum.com</a>
<a class="moz-txt-link-freetext" href="http://lists.evolveum.com/mailman/listinfo/midpoint">http://lists.evolveum.com/mailman/listinfo/midpoint</a>
</pre>
</blockquote>
<br>
</body>
</html>