Sun Identity Manager Deployment Reference

Workflow Task

Table 1–10 Workflow Activities



Add Result 

Adds a named data item to the task result. 

Add Result Error 

Adds an error message to the task result. 

Add Result Message 

Adds an informational message to the task result. 

Background Task 

Forces the workflow into the background if it was launched from the Identity Manager Administrator interface. 

Get Resource Result 

Retrieves the result object returned by a resource adapter on the last provisioning operation. 

Get Resource Result Item 

Retrieves one result item from the result object returned by a resource adapter on the last provisioning operation. 

Rename Task 

Renames the task instance in the repository. 

Scripted Task Executor 

Executes BeanShell or JavaScript based on a provided script. As a task, it can be scheduled to run periodically. For example, you can use it to export data from the repository to a database for reporting and analysis. Benefits include the ability to write a custom task without writing custom Java code. (Custom Java code requires a re-compile on every upgrade and must be deployed to every server because the script is embedded in the task there is no need to recompile or deploy it.) 

Set Result 

Adds an entry to the task entrance result. This will appear in the workflow summary report. 

Set Result Limit 

Sets the number of seconds the task instance should be retained in the repository when it finishes. A non-negative value indicates that the task instance will be kept for this many seconds after the task has completed. 

A negative value indicates that the task instance will never be removed automatically. However, you can remove it manually. 

Using the Default Rename Task

To use the default rename task without customization, include the following action in your workflow:

<Action process=’Rename Task’>
   <Argument name=’name’ value=’New Task Name’/>

Using the Handle Native Change To Account Attributes Workflow

Whenever Identity Manager detects a native change (that is, a change not performed through the Identity Manager) to the values of an auditable attribute of a resource account, it responds by running the handleNativeChangeToAccountAttributes workflow. This workflow is associated with this System Configuration object attribute:

<Attribute name='process'>
     <Attribute name='handleNativeChangeToAccountAttributes' value='Audit Native
                      Change To Account Attributes'/>

This workflow logs the native change events to the event log if you have enabled the Changes Outside Lighthouse audit filter. Otherwise, Identity Manager ignores the event. Warning: Be careful which methods you call from any workflow that replaces the default workflow listed above.

Because Identity Manager launches this workflow whenever a resource account fetch reveals a native change, it must not invoke any method or workflow that would trigger another fetch of the same resource account. For example, an infinite loop will result if you call any workflow services method that assembles the User view: getView(User), checkoutView(User), and possibly checkinView(User).

The fact that Identity Manager handles each native change by running a workflow allows you to hook the native change event, and to handle that native change however you see fit by replacing or adding to the default native change workflow. For example, you might choose to send email to an administrator or a user, to record the event in a database, to queue an update that would back out the native change, or even to pull that native change into Identity Manager and push it back out to the other resources.

Specifying the Administrator for a Source Adapter Task

You can assign a subject or administrator to a Source adapter task and designate the server on which it runs by editing the sources.subject and attributes of the System Configuration object. For more information, see Editing the System Configuration object in Deployment Guide.