Sun Identity Manager 8.1 Business Administrator's Guide

Correlation Rules

Input for any correlation rule is a map of the action fields. Output must be one of the following:

A typical correlation rule generates a list of user names based on values of the fields in the action. A correlation rule may also generate a list of attribute conditions (referring to queryable attributes of Type.USER) that will be used to select users.

A correlation rule should be relatively inexpensive but as selective as possible. If possible, defer expensive processing to a confirmation rule.

Attribute conditions must refer to queryable attributes of Type.USER. These are configured in the Identity Manager configuration object named IDM Schema Configuration.

Correlating on an extended attribute requires special configuration:

The extended attribute must be specified as queryable.

ProcedureTo Set an Extended Attribute as Queryable

  1. Open IDM Schema Configuration. You must have the IDM Schema Configuration capability to view or edit IDM Schema Configuration.

  2. Locate the <IDMObjectClassConfiguration name=’User’> element.

  3. Locate the <IDMObjectClassAttributeConfiguration name=’ xyz ’> element, where xyz is the name of the attribute that you want to set as queryable.

  4. Set queryable=’true’

    In Correlation Rules the email extended attribute is defined as queryable.

Example 3–1 XML Excerpt That Defines the Email Extended Attribute as Queryable

    <IDMAttributeConfiguration name=’email’ syntax=’STRING’/>
    <IDMObjectClassConfiguration name=’User’ extends=’Principal’ description=’User description’>
      <IDMObjectClassAttributeConfiguration name=’email’ queryable=’true’/>

You must restart the Identity Manager application (or the application server) for the IDM Schema Configuration change to take effect.