IDMProv Update

IDM

IDMProv Settings

  • The configured rbpm admin users should be set as proxy user for the user container (Workdashboard - Settings - My Proxy Assignments)

IDMProv.war Patches

This is only needed if you would use existing approval forms from UserApplication. Better use [Karma Forms]forms.md.

Patch com.novell.idm.dashboard.util.ProvUtil.validateApprovalActionMap

The class is located within IDMProv.war in the WEB-INF/lib/IDMdashboard.jar. To get the jar use the following command:

jar xf /opt/novell/idm/rbpm/jboss/server/IDMProv/deploy/IDMProv.war WEB-INF/lib/IDMdashboard.jar

Then get the source of the class using a tool like JDGui.

Patch validateApprovalActionMap:

  • add startsWith("javascript:submitThenParent('postMessage") to approve, deny, refuse and update
  • add startsWith("javascript:parent.postMessage") to cancel and comments

Patch validateRequestActionMap:

If IDM version < 4.6, apply the same changes as for validateApprovalActionMap, from 4.6 onwards add:

if ((submit.startsWith("javascript:submitThenParent(")) && (cancel.startsWith("javascript:parent.postMessage"))) {
    return;
}

before:

getLogger().trace("submit: " + submit);
getLogger().trace("cancel: " + cancel);

throw new IllegalArgumentException("The combination of submit and cancel actions were invalid.");

Then compile the file as java classfile and add it to IDMProv.war

jar uf /opt/novell/idm/rbpm/jboss/server/IDMProv/deploy/IDMProv.war WEB-INF/classes/com/novell/idm/dashboard/util/ProvUtil.class

SOAP API Configuration

Removing Administrator Credential Restriction

see API Docs for more information

Extract the the WorkflowService-conf/config.xml file from the User Application WAR file's IDMfw.jar file.

Change the WorkflowService/SOAP-End-Points-Accessible-By-ProvisioningAdminOnly property from:

<property>
  <key>WorkflowService/SOAP-End-Points-Accessible-By- ProvisioningAdminOnly</key>
  <value>true</value>
</property>

To the following:

<property>
  <key>WorkflowService/SOAP-End-Points-Accessible-By-ProvisioningAdminOnly</key>
  <value>false</value>
</property>

Import the changes back into the WAR file.

LDAPTomcat Cookie Handling (4.8)