Sun Identity Manager Deployment Guide

SystemConfiguration Object

The SystemConfiguration object provides a central control point for many system behaviors and a means of storing persistent customizations to system behavior. Given its importance, and the frequency with which deployers customize it, the full range of possible customizations is not documented here. Some common customizations are documented here:

Controlling the Display of the Password Confirmation Popup

The forgotPasswordChangeResults attribute in the System Configuration object controls whether Identity Manager displays a confirmation page after a user or administrator has initiated a password change by clicking the Forgot My Password button during login.

Configuring Delegate History List Length

The delegation.historyLength attribute controls the size of the list of both current and completed delegations displayed by the End User View workItem Delegation form. This attribute specifies the maximum number of delegations that can appear in the delegation table. Note that the table will show all current delegations, no matter which value you set here.

The SystemConfiguration object contains the security.delegation.historyLength attribute, which controls the number of previous delegations that are recorded.

Enabling Attribute Value Customization

The process.handleNativeChangeToAccountAttributes attribute controls the auditing of attribute values. When set to true, attribute value auditing is enabled for both the reconciliation process and for the provisioner. By default, this property is not enabled.

Form and Workflow Save Behavior Customization

The security.saveNoValidateAllowedFormsAndWorkflows attribute lists the IDs of forms and workflows that will be processed as a SaveNoValidate action. All other forms and workflows will be processed as a Save. If this list is not present, the behavior remains the same for all forms and workflows (all forms and workflows will be processed as SaveNoValidate).

Login-Related Customizations

You can customize login behavior by directly editing system configuration object attributes.

Enabling autocomplete for Login Pages

By default, Identity Manager prevents browsers from offering to store the user's credentials. You can enable the autocomplete feature for the login pages by changing the ui.web.disableAutocomplete system configuration object to true. The login pages include login.jsp, continueLogin.jsp, user/login.jsp, and user/continueLogin.jsp.

Identity Manager login forms other than the preceding ones are generated from XPRESS, and you must edit these forms to use the new display property. These forms, which reside in the sample directory, include this property commented out by default.

Displaying an Error Message During an Attempt to Provision a Disabled User

The ProvisioningDisabledUserShouldThrow attribute controls whether Identity Manager will produce an error message when preventing an attempt to provision a disabled user. When set to true, Identity Manager will prevent any attempt to provision a disabled user to a resource and will produce an error. When this attribute is not set to true, then Identity Manager will still prevent the provisioning, but will not produce an error.

Launching the Password Login Workflow upon Login

The runPasswordLoginOnSuccess attribute controls whether Identity Manager will run the Password Login workflow when a user successfully logs in. When set to true, Identity Manager will run this workflow after successful login. By default, the value of this attribute is false.

PasswordSync-Related Customizations

You can customize PasswordSync behavior by directly editing the following system configuration object attributes:

Registering Scheduler Startup (for Clustered Environments)

The scheduler.hosts attribute registers startup behavior for the scheduler for each Identity Manager application instance.

The value of scheduler.hosts is a map that contains an entry for each host that you want to control. The key is the hostname for the Identity Manager application instance.

Note –

To see the hostname value, go to the debug/GetStatus.jsp page in your Identity Manager installation.

The following values are valid:

The default value is used if no value or an invalid value is specified.

Note –

The task.scheduler.enabled and task.scheduler.suspended properties in the file override the value set in the System Configuration object.

Following is an example of the scheduler attribute from Configuration:System Configuration:

<Attribute name='scheduler'>
      <Attribute name='hosts'>
            <MapEntry key='goliad' value='enabled'/>
            <MapEntry key='sanjacinto' value='manual'/>
            <MapEntry key='washington' value='disabled'/>
      </Attribute>
</Attribute>
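
The following Python check is an added example, not part of the original guide or of Identity Manager. It reads a scheduler.hosts map and lists every application instance whose scheduler would silently take the default value, either because its entry carries an unrecognized value or because it has no entry at all. It assumes the three values in the example above are the accepted set and that the fragment is available as well-formed XML; audit_scheduler_hosts, KNOWN_VALUES, the inventory list and the gonzales and alamo hosts are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the guide's fragment with closing tags supplied,
# plus one mistyped value ('disabeld') to show the silent fallback.
SAMPLE = """
<Attribute name='scheduler'>
  <Attribute name='hosts'>
    <MapEntry key='goliad' value='enabled'/>
    <MapEntry key='sanjacinto' value='manual'/>
    <MapEntry key='washington' value='disabled'/>
    <MapEntry key='gonzales' value='disabeld'/>
  </Attribute>
</Attribute>
"""

# Assumption: the values used in the guide's example are the accepted set.
KNOWN_VALUES = {"enabled", "manual", "disabled"}


def audit_scheduler_hosts(xml_text, cluster_hosts):
    """Return (modes, findings); findings name hosts that fall back to the default."""
    root = ET.fromstring(xml_text)
    hosts = root if root.get("name") == "hosts" else root.find(".//Attribute[@name='hosts']")
    if hosts is None:
        return {}, [f"{h}: no scheduler.hosts map, default applies" for h in sorted(cluster_hosts)]
    modes, findings = {}, []
    for entry in hosts.findall("MapEntry"):
        key, value = entry.get("key"), entry.get("value")
        modes[key] = value  # key is the hostname shown on debug/GetStatus.jsp
        if value not in KNOWN_VALUES:
            findings.append(f"{key}: unrecognized value {value!r}, default applies")
    for host in sorted(set(cluster_hosts) - set(modes)):
        findings.append(f"{host}: no entry, default applies")
    for host in sorted(set(modes) - set(cluster_hosts)):
        findings.append(f"{host}: entry does not match any known instance hostname")
    return modes, findings


if __name__ == "__main__":
    inventory = ["goliad", "sanjacinto", "washington", "gonzales", "alamo"]  # constructed
    modes, findings = audit_scheduler_hosts(SAMPLE, inventory)
    for line in findings:
        print(line)
```

The result reflects only the System Configuration object; the task.scheduler.enabled and task.scheduler.suspended properties mentioned above override it.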

Source Adapter Task Customization

You can edit the following two attributes to customize the behavior of the source adapter task: