La diversificación (dispersión) de los flujos Complejidad de las redes

3.3 Características de la nueva movilidad metropolitana

3.3.2 La diversificación (dispersión) de los flujos Complejidad de las redes

6.7.2 Using the Workflow Database

Look in the workflow database to see how the data associated with the flowdata object changes as

the workflow progresses from one activity to the next. To see this data, you can look at the

afdocument

table.

6.7.3 Changing Log Levels

During the debugging process, you can change the log levels associated with the workflow system

(com.novell.soa.af.impl), the provisioning requests component of the User Application

(com.novell.srpr.apwa), and the evaluation of server side scripts (com.novell.soa.script). This

approach might generate more information than you need, but sometimes it can be helpful. To

change logging levels, go to the Logging page within the Administration tab of the User

Application.

6.8 Provisioning Multiple Individuals with One

Workflow Instance

You can configure a provisioning request definition so that one individual (for example, a team

manager) can provision multiple individuals (for example, members of a team, or a group) with one

workflow. The provisioning request definition can be configured to provision any one of the

following:

Multiple individual users from the default user container

All members of a group from the default group container (for example, Sales, Marketing, HR,

IT)

All members of any arbitrary Identity Vault container

To create this type of workflow, create the provisioning request definition as you normally would.

On the Overview panel, select Single Flow Provision Members from the Flow Strategy list.

6.8.1 Basic Steps for Using the Workflow

This section describes the basic steps for using a workflow that utilizes the Single Flow Provision

Members flow strategy.

1 Log in to the user application as a user application administrator.

2 Click Requests and Approvals.

3 Click Request Team Resources.

4 Select the provisioning category to which the provisioning request belongs, then click OK.

You should see a workflow that is marked with an icon that contains a cluster of people:

5 Click the name of the workflow.

A form is displayed that provides three methods of selecting multiple users to provision:

Specify one or more recipients

Specify a group

6 Specify the recipients, then click Continue.

6.8.2 Setting up the Workflow for a Team Manager to Use

To enable a Team Manager to use a workflow that uses the Single Flow Provision Members flow

strategy, you need to perform these additional setup steps:

1 Log in to iManager as an administrator.

2 In Roles and Tasks, select Provisioning Configuration.

3 Select Provisioning Teams.

4 Set up the team if it is not already set up.

5 Bind the workflow to the team by defining a Provisioning Team Request using the Provisioning

Configuration Role and Task.

6.9 Making Distinguished Name References

Portable

When you use a DN in an expression in a provisioning request definition, the expression might fail

if you the provisioning request definition to an Identity Vault with a different structure. You

typically specify DNs in:

Overview panel: Trustee specification.

User activity: Addressee and escalation addressee.

Entity activity: Entitlement reference and entity DN.

Many other expressions, for example, IDVault.get(dn, class, attribute).

Some expressions, such as recipient, are portable. The following expressions, which are used by

default in the User activity, are also portable:

IDVault.get(recipient,’user’,’manager’)

To ensure that your DN expressions are portable across Identity Vaults, you can use one of the

following variables:

ROOT_CONTAINER: for example ou=idm-prov,o=novell

PROVISIONING_DRIVER: for example cn=UserApplication,cn=TestDrivers,o=novell

USER_CONTAINER: for example ou=users,ou=idm-prov,o=novell

GROUP_CONTAINER: for example ou=groups,ou=idm-prov,o=novell

These variables are defined during installation of the user application and are resolved at runtime by

the ECMAScript engine. You can find them in the ECMA expression builder under the process

node. Suppose you wanted to reference an entitlement at the following DN:

‘cn=myEntitlement,cn=UserApplication,cn=TestDrivers,o=novell’

You could use the following expression to make the DN portable to any identity vault:

‘’cn=MyEntitlement,’ + PROVISIONING_DRIVER

You can use this technique for users and groups also.

NOTE: Trustees are not expressions so you cannot use this technique with Trustees.

6.10 Configuring Digital Signature Support

This section describes how to use Designer to configure provisioning request definitions to support

digital signatures. To configure a provisioning request definition to support digital signatures, follow

the steps outlined in the following table.

Table 6-13 Steps for Specifying Digital Signature Support in Workflows

Step Task Description

1 Create one or more digital signature declarations.

See Section 6.10.2, “Creating a Signature Declaration,” on page 196.

2 Specify whether a digital signature is required to initiate a

provisioning request.

In the Workflow panel, click the Start activity and set the following properties:

Digital Signature Required: See Section 6.10.1, “Digital Signature Workflow Properties,” on page 196.

Signature Declaration: Choose a signature

declaration from the drop-down list. The list is only populated if you completed Step 1 (above). 3 Specify whether a digital signature

is required for each approval step within the workflow.

Each approval step can have more than one outgoing link. You must specify the Digital Signature Required property and the Signature Declaration properties for each approval step and each outgoing flow path. For a description of the property settings, see Section 6.10.1, “Digital Signature Workflow Properties,” on page 196.

6.10.1 Digital Signature Workflow Properties

Table 6-14 Digital Signature Settings

6.10.2 Creating a Signature Declaration

1 Open the Signature Declarations tab.

4 Determine the forms that contain a title control.

Title controls have a property called Display title in signed form document. Determine for your application and use of digital signatures whether this property should be set to true or false. For more information on this property, see Section 5.5.20, “Title,” on page 154.

Setting Description

Digital Signature Type Specifies whether the digital signature uses data or form as its type: Data: Specifies that the XML signature serves as the user

agreement. When you select Data, the XML data is written to the audit log.

Form: Specifies to generate a PDF document that includes the

digital signature declaration. This document serves as the user agreement. The user can preview the generated PDF document before submitting a request or approval. When you select Form, the PDF document (encapsulated in XML) is written to the audit log.

Digital Signature Declaration Specifies a digital signature confirmation string that certifies the user’s signature. See Section 6.10.2, “Creating a Signature Declaration,” on page 196.

2 Click to add a row, then fill in the fields as follows:

3 Click Save.

Field Description

Signature Declaration ID A unique identifier for the signature declaration. This ID is displayed in the drop-down for the “Digital Signature Declaration” on page 196. Language Choose a language and specify the signature declaration translation for

that language. The signature declaration string is also exported as part of the Provisioning view’s Export > Export Localization Data so that you can send the declaration to be localized as part of the rest of the User Application display labels and strings.