The SystemConfiguration object provides a central control point for many system behaviors and a means of storing persistent customizations to system behavior. Given its importance, and the frequency with which deployers customize it, the full range of possible customizations is not documented here. Some common customizations are described below:
The forgotPasswordChangeResults attribute in the System Configuration object controls whether Identity Manager displays a confirmation page after a user or administrator has initiated a password change by clicking the Forgot My Password button during log in.
The default value of forgotPasswordChangeResults.User is true.
The default value of forgotPasswordChangeResults.Admin is false.
The delegation.historyLength attribute controls the size of the list of both current and completed delegations displayed by the End User View workItem Delegation form. This attribute specifies the maximum number of delegations that can appear in the delegation table. Note that the table will show all current delegations, no matter which value you set here.
The SystemConfiguration object contains the security.delegation.historyLength attribute, which controls the number of previous delegations that are recorded.
The process.handleNativeChangeToAccountAttributes attribute controls the auditing of attribute values. When set to true, attribute value auditing is enabled for both the reconciliation process and for the provisioner. By default, this property is not enabled.
The security.saveNoValidateAllowedFormsAndWorkflows attribute lists the IDs of forms and workflows that will be processed as a SaveNoValidate action. All other forms and workflows will be processed as a Save. If this list is not present, the behavior remains the same for all forms and workflows (all forms and workflows will be processed as SaveNoValidate).
You can customize login behavior by directly editing system configuration object attributes.
By default, Identity Manager prevents browsers from offering to store the user's credentials. You can enable the autocomplete feature for the login pages by changing the ui.web.disableAutocomplete system configuration object to true. The login pages include login.jsp, continueLogin.jsp, user/login.jsp, and user/continueLogin.jsp.
Identity Manager login forms other than the preceding ones are generated from XPRESS, and you must edit these forms to use the new display property. These forms, which reside in the sample directory, include this property commented out by default:
Anonymous User Login
Question Login Form
End User Anonymous Enrollment Validation Form
End User Anonymous Enrollment Completion Form
The ProvisioningDisabledUserShouldThrow attribute controls whether Identity Manager will produce an error message when preventing an attempt to provision a disabled user. When set to true, Identity Manager will prevent any attempt to provision a disabled user to a resource and will produce an error. When this attribute is not set to true, then Identity Manager will still prevent the provisioning, but will not produce an error.
The runPasswordLoginOnSuccess attribute controls whether Identity Manager will run the Password Login workflow when a user successfully logs in. When set to true, Identity Manager will run this workflow after successful login. By default, the value of this attribute is false.
You can customize PasswordSync behavior by directly editing the following system configuration object attributes:
PasswordSyncResourceExcludeList – This attribute controls whether lists of resource names should always be excluded from synchronization.
PasswordSyncThreshold – If PasswordSync is enabled for a resource for which Identity Manager can also initiate password changes, you can use this setting to prevent a loop-back password change. When you initiate a password change from Identity Manager, it will set the password on the resource, and the PasswordSync library will notify Identity Manager of the change. Identity Manager will then compare the lastPasswordDate on the user object to the current time. If this difference is less than the PasswordSyncThreshold, Identity Manager will ignore the password change.
The value of scheduler.hosts is a map that contains an entry for each host that you want to control. The key is the hostname for the Identity Manager application instance.
To see the hostname value, go to the debug/GetStatus.jsp page in your Identity Manager installation.
The following values are valid:
The default value is used if no value or an invalid value is specified.
The task.scheduler.enabled and task.scheduler.suspended properties in the Waveset.properties file override the value set in the System Configuration object.
Following is an example of the scheduler attribute from Configuration:System Configuration:
<Attribute name='scheduler'>
  <Object>
    <Attribute name='hosts'>
      <Map>
        <MapEntry key='goliad' value='enabled'/>
        <MapEntry key='sanjacinto' value='manual'/>
        <MapEntry key='washington' value='disabled'/>
      </Map>
    </Attribute>
  </Object>
</Attribute>
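An added example (not part of the product documentation and not Identity Manager's own code): a small audit of an exported System Configuration object that resolves dotted attribute names through the Attribute/Object nesting shown in the scheduler example and reports the security-relevant defaults described on this page. The sample export, the Configuration/Extension wrapper, and the value='true' encoding are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample export, not from a real deployment. Dotted names nest as
# Attribute > Object > Attribute, as in the page's scheduler example; the
# Configuration/Extension wrapper and value='true' encoding are assumptions.
SAMPLE = """<Configuration name='System Configuration'><Extension><Object>
  <Attribute name='ProvisioningDisabledUserShouldThrow' value='true'/>
  <Attribute name='scheduler'><Object>
    <Attribute name='hosts'><Map>
      <MapEntry key='goliad' value='enabled'/>
      <MapEntry key='sanjacinto' value='manual'/>
    </Map></Attribute>
  </Object></Attribute>
</Object></Extension></Configuration>"""

def lookup(obj, dotted):
    """Resolve a dotted attribute name to its <Attribute> element, or None."""
    attr = None
    for part in dotted.split("."):
        if obj is None:
            return None
        attr = next((a for a in obj.findall("Attribute")
                     if a.get("name") == part), None)
        if attr is None:
            return None
        obj = attr.find("Object")  # descend only if a nested Object exists
    return attr

def is_true(obj, dotted):
    attr = lookup(obj, dotted)
    return attr is not None and attr.get("value") == "true"

def audit(xml_text):
    """Return (findings, scheduler_hosts) for an exported System Configuration."""
    obj = ET.fromstring(xml_text).find(".//Object")  # outermost Object
    findings = []
    if lookup(obj, "security.saveNoValidateAllowedFormsAndWorkflows") is None:
        findings.append("no SaveNoValidate list: every form and workflow is SaveNoValidate")
    if not is_true(obj, "process.handleNativeChangeToAccountAttributes"):
        findings.append("attribute value auditing is not enabled")
    if not is_true(obj, "ProvisioningDisabledUserShouldThrow"):
        findings.append("blocked provisioning of disabled users raises no error")
    hosts = lookup(obj, "scheduler.hosts")
    entries = hosts.iter("MapEntry") if hosts is not None else []
    return findings, {e.get("key"): e.get("value") for e in entries}

if __name__ == "__main__":
    print(audit(SAMPLE))
```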
You can edit the following two attributes to customize the behavior of the source adapter task:
sources.subject – Specifies the login name of the administrator designated as the owner of the source adapter task.
sources.hosts – Specifies the server on which the source adapter task runs.