This is the API specification for the Identity Orchestration (workflow) related endpoints and data model for Identity Governance (IGA).
Use this endpoint to validate the workflow script.
_action required | string Example: _action=validate Only the value of "validate" is supported. |
script | string The script to validate. |
isExpression | boolean Whether the script is an expression that can be assigned to a variable. Defaults to false if you don't provide a value. |
{- "script": "string",
- "isExpression": true
}
This endpoint returns the default JavaScript that can be used in a script node.
logger.info(\"Creating User/Approval Task\"); var execution = runtimeService.createExecutionQuery().executionId(task.getExecutionId()).singleResult(); var content = execution.getVariables(); var requestId = content.get(\"id\"); var requestIndex = openidm.action(\"iga/governance/requests/\" + requestId, \"GET\", {}, {});"
Get a list of orchestration definitions that are saved to the backend. An orchestration definition is in either 'draft' or 'published' status. Published orchestration definitions are tied to a request type by `id` and `name`, and are used by the corresponding access requests. Draft orchestration definitions can be worked on by an end user and then published to the backend. The draft orchestration `id` and `name` correspond to the published orchestration definition `id` and `name`. Each returned definition includes the full source of its script tasks and actor expressions, so the response exposes the workflow's approval and provisioning logic to any caller that is allowed to list definitions.
_pageSize | integer Example: _pageSize=10 Number of results per page. |
_pagedResultsOffset | integer Example: _pagedResultsOffset=1 Page number of results to show. |
_searchAfter | string Example: _searchAfter=CnoSdGoSc35mb3JnZXJvY2stYXV0b2lkcl4LEgZzdGF0dXMiCXB1Ymxpc2hlZAwLEi5maWVsZGluZy10ZXN0Ml9vcmNoZXN0cmF0aW9uX2RlZmluaXRpb25fbGF0ZXN0IhV0ZXN0UGFyYWxsZUFjY3RDcmVhdGUMGAAgAA== Page cursor token to search after. Get this from the response to the previous search. |
{- "result": [
- {
- "id": "BasicApplicationGrant",
- "name": "BasicApplicationGrant",
- "displayName": "BasicApplicationGrant",
- "description": "BasicApplicationGrant access request type.",
- "type": "provisioning",
- "steps": [
- {
- "name": "approvalTask-74cf85c35437",
- "displayName": "Approval Task",
- "type": "approvalTask",
- "approvalTask": {
- "actors": [
- {
- "id": {
- "value": "\"managed/user/\" + requestIndex.applicationOwner[0].id",
- "isExpression": true
}, - "permissions": {
- "approve": true,
- "reject": true,
- "reassign": true,
- "modify": true,
- "comment": true
}
}
], - "events": {
- "assignment": {
- "notification": "requestAssigned"
}, - "reassign": {
- "notification": "requestReassigned"
}, - "reminder": {
- "notification": "requestReminder",
- "frequency": 3,
- "actors": [ ],
- "date": {
- "isExpression": true,
- "value": "(new Date(new Date().getTime()+(3*1*24*60*60*1000))).toISOString()"
}
}, - "escalation": {
- "notification": "requestEscalated",
- "date": {
- "isExpression": true,
- "value": "(new Date(new Date().getTime()+(5*1*24*60*60*1000))).toISOString()"
}, - "actors": [
- {
- "id": {
- "value": "\"managed/user/\" + requestIndex.applicationOwner[0].id",
- "isExpression": true
}
}
]
}, - "expiration": {
- "action": "reject",
- "notification": "requestExpired",
- "actors": [ ],
- "date": {
- "isExpression": true,
- "value": "(new Date(new Date().getTime()+(7*24*60*60*1000))).toISOString()"
}
}
}, - "nextStep": [
- {
- "condition": null,
- "outcome": "APPROVE",
- "step": "scriptTask-626899b6e99a"
}, - {
- "condition": null,
- "outcome": "REJECT",
- "step": "scriptTask-c58309b8c470"
}, - {
- "condition": null,
- "outcome": "EXPIRATION",
- "step": null
}
]
}
}, - {
- "name": "scriptTask-626899b6e99a",
- "displayName": "Application Grant Validation",
- "type": "scriptTask",
- "scriptTask": {
- "language": "javascript",
- "script": "logger.info(\"Running application grant request validation\");\n\nvar content = execution.getVariables();\nvar requestId = content.get('id');\nvar failureReason = null;\nvar applicationId = null;\nvar app = null;\n\ntry {\n var requestObj = openidm.action('iga/governance/requests/' + requestId, 'GET', {}, {});\n applicationId = requestObj.application.id;\n}\ncatch (e) {\n failureReason = \"Validation failed: Error reading request with id \" + requestId;\n}\n\n// Validation 1 - Check application exists\nif (!failureReason) {\n try {\n app = openidm.read('managed/alpha_application/' + applicationId);\n if (!app) {\n failureReason = \"Validation failed: Cannot find application with id \" + applicationId;\n }\n }\n catch (e) {\n failureReason = \"Validation failed: Error reading application with id \" + applicationId + \". Error message: \" + e.message;\n }\n}\n\n// Validation 2 - Check the user does not already have application granted\n// Note: this is done at request submission time as well, the following is an example of how to check user's accounts\nif (!failureReason) {\n try {\n var user = openidm.read('managed/alpha_user/' + requestObj.user.id, null, [ 'effectiveApplications' ]);\n user.effectiveApplications.forEach(effectiveApp => {\n if (effectiveApp._id === applicationId) {\n failureReason = \"Validation failed: User with id \" + requestObj.user.id + \" already has effective application \" + applicationId;\n }\n })\n }\n catch (e) {\n failureReason = \"Validation failed: Unable to check effective applications of user with id \" + requestObj.user.id + \". Error message: \" + e.message;\n }\n}\n\nif (failureReason) {\n logger.info(\"Validation failed: \" + failureReason);\n}\nexecution.setVariable(\"failureReason\", failureReason);",
- "nextStep": [
- {
- "condition": "true",
- "outcome": "done",
- "step": "exclusiveGateway-5167870154a9"
}
]
}
}, - {
- "name": "scriptTask-c58309b8c470",
- "displayName": "Reject Request",
- "type": "scriptTask",
- "scriptTask": {
- "language": "javascript",
- "script": "logger.info(\"Rejecting request\");\n\nvar content = execution.getVariables();\nvar requestId = content.get('id');\n\nlogger.info(\"Execution Content: \" + content);\nvar requestIndex = openidm.action('iga/governance/requests/' + requestId, 'GET', {}, {});\nvar decision = {'outcome': 'denied', 'status': 'complete'};\nvar queryParams = { '_action': 'update'};\nopenidm.action('iga/governance/requests/' + requestId, 'POST', decision, queryParams);",
- "nextStep": [
- {
- "condition": "true",
- "outcome": "done",
- "step": null
}
]
}
}, - {
- "name": "exclusiveGateway-5167870154a9",
- "displayName": "Validation Gateway",
- "type": "scriptTask",
- "scriptTask": {
- "language": "javascript",
- "script": "logger.info(\"This is exclusive gateway\");",
- "nextStep": [
- {
- "condition": "failureReason == null",
- "outcome": "validationSuccess",
- "step": "scriptTask-3a74557440fb"
}, - {
- "condition": "failureReason != null",
- "outcome": "validationFailure",
- "step": "scriptTask-744ef6a8b9a2"
}
]
}
}, - {
- "name": "scriptTask-3a74557440fb",
- "displayName": "Auto Provisioning",
- "type": "scriptTask",
- "scriptTask": {
- "language": "javascript",
- "script": "logger.info(\"Auto-Provisioning\");\n\nvar content = execution.getVariables();\nvar requestId = content.get('id');\nvar failureReason = null;\n\ntry {\n var requestObj = openidm.action('iga/governance/requests/' + requestId, 'GET', {}, {});\n logger.info(\"requestObj: \" + requestObj);\n}\ncatch (e) {\n failureReason = \"Provisioning failed: Error reading request with id \" + requestId;\n}\n\nif(!failureReason) {\n try {\n var request = requestObj.request;\n var payload = {\n \"applicationId\": request.common.applicationId,\n \"startDate\": request.common.startDate,\n \"endDate\": request.common.endDate,\n \"auditContext\": {},\n \"grantType\": \"request\"\n };\n var queryParams = {\n \"_action\": \"add\"\n }\n\n logger.info(\"Creating account: \" + payload);\n var result = openidm.action('iga/governance/user/' + request.common.userId + '/applications' , 'POST', payload,queryParams);\n }\n catch (e) {\n failureReason = \"Provisioning failed: Error provisioning account to user \" + request.common.userId + \" for application \" + request.common.applicationId + \". Error message: \" + e.message;\n }\n\n var decision = {'status': 'complete'};\n if (failureReason) {\n decision.outcome = 'not provisioned';\n decision.comment = failureReason;\n decision.failure = true;\n }\n else {\n decision.outcome = 'provisioned';\n }\n\n var queryParams = { '_action': 'update'};\n openidm.action('iga/governance/requests/' + requestId, 'POST', decision, queryParams);\n logger.info(\"Request \" + requestId + \" completed.\");\n}",
- "nextStep": [
- {
- "condition": "true",
- "outcome": "done",
- "step": null
}
]
}
}, - {
- "name": "scriptTask-744ef6a8b9a2",
- "displayName": "Application Grant Validation Failure",
- "type": "scriptTask",
- "scriptTask": {
- "language": "javascript",
- "script": "var content = execution.getVariables();\nvar failureReason = content.get('failureReason');\n\nvar decision = {'outcome': 'not provisioned', 'status': 'complete', 'comment': failureReason, 'failure': true};\nvar queryParams = { '_action': 'update'};\nopenidm.action('iga/governance/requests/' + requestId, 'POST', decision, queryParams);",
- "nextStep": [
- {
- "condition": "true",
- "outcome": "done",
- "step": null
}
]
}
}
], - "staticNodes": {
- "startNode": {
- "id": "startNode",
- "x": 70,
- "y": 140,
- "connections": {
- "start": "approvalTask-74cf85c35437"
}
}, - "endNode": {
- "id": "endNode",
- "x": 1288,
- "y": 521,
- "connections": null
}, - "uiConfig": {
- "approvalTask-74cf85c35437": {
- "actors": [
- {
- "type": "applicationOwner",
- "id": {
- "value": "\"managed/user/\" + requestIndex.applicationOwner[0].id",
- "isExpression": true
}
}
], - "events": {
- "escalationType": "applicationOwner",
- "escalationDate": 5,
- "escalationTimeSpan": "day(s)",
- "reminderDate": 3,
- "reminderTimeSpan": "day(s)"
}, - "x": 210,
- "y": 110
}, - "scriptTask-626899b6e99a": {
- "x": 440,
- "y": 80
}, - "scriptTask-c58309b8c470": {
- "x": 464,
- "y": 164
}, - "exclusiveGateway-5167870154a9": {
- "x": 740,
- "y": 78
}, - "scriptTask-3a74557440fb": {
- "x": 981,
- "y": 80.5
}, - "scriptTask-744ef6a8b9a2": {
- "x": 955,
- "y": 193.015625
}
}
}, - "status": "published"
}, - {
- "id": "BasicApplicationRemove",
- "name": "BasicApplicationRemove",
- "displayName": "BasicApplicationRemove",
- "description": "BasicApplicationRemove access request type.",
- "type": "provisioning",
- "steps": [
- {
- "name": "approvalTask-74cf85c35437",
- "displayName": "Approval Task",
- "type": "approvalTask",
- "approvalTask": {
- "actors": [
- {
- "id": {
- "value": "\"managed/user/\" + requestIndex.applicationOwner[0].id",
- "isExpression": true
}, - "permissions": {
- "approve": true,
- "reject": true,
- "reassign": true,
- "modify": true,
- "comment": true
}
}
], - "events": {
- "assignment": {
- "notification": "requestAssigned"
}, - "reassign": {
- "notification": "requestReassigned"
}, - "reminder": {
- "notification": "requestReminder",
- "frequency": 3,
- "actors": [ ],
- "date": {
- "isExpression": true,
- "value": "(new Date(new Date().getTime()+(3*1*24*60*60*1000))).toISOString()"
}
}, - "escalation": {
- "notification": "requestEscalated",
- "date": {
- "isExpression": true,
- "value": "(new Date(new Date().getTime()+(5*1*24*60*60*1000))).toISOString()"
}, - "actors": [
- {
- "id": {
- "isExpression": true,
- "value": "\"managed/user/\" + requestIndex.applicationOwner[0].id"
}
}
]
}, - "expiration": {
- "action": "reject",
- "notification": "requestExpired",
- "actors": [ ],
- "date": {
- "isExpression": true,
- "value": "(new Date(new Date().getTime()+(7*24*60*60*1000))).toISOString()"
}
}
}, - "nextStep": [
- {
- "condition": null,
- "outcome": "APPROVE",
- "step": "scriptTask-626899b6e99a"
}, - {
- "condition": null,
- "outcome": "REJECT",
- "step": "scriptTask-c58309b8c470"
}, - {
- "condition": null,
- "outcome": "EXPIRATION",
- "step": null
}
]
}
}, - {
- "name": "scriptTask-626899b6e99a",
- "displayName": "Auto Deprovisioning",
- "type": "scriptTask",
- "scriptTask": {
- "language": "javascript",
- "script": "logger.info(\"Auto-Deprovisioning\");\n\nvar content = execution.getVariables();\nvar requestId = content.get('id');\nvar failureReason = null;\n\ntry {\n var requestObj = openidm.action('iga/governance/requests/' + requestId, 'GET', {}, {});\n logger.info(\"requestObj: \" + requestObj);\n}\ncatch (e) {\n failureReason = \"Deprovisioning failed: Error reading request with id \" + requestId;\n}\n\nif(!failureReason) {\n try {\n var request = requestObj.request;\n var payload = {\n \"applicationId\": request.common.applicationId,\n \"startDate\": request.common.startDate,\n \"endDate\": request.common.endDate,\n \"auditContext\": {},\n \"grantType\": \"request\"\n };\n var queryParams = {\n \"_action\": \"remove\"\n }\n\n logger.info(\"Removing account: \" + payload);\n var result = openidm.action('iga/governance/user/' + request.common.userId + '/applications' , 'POST', payload,queryParams);\n }\n catch (e) {\n failureReason = \"Deprovisioning failed: Error deprovisioning account to user \" + request.common.userId + \" for application \" + request.common.applicationId + \". Error message: \" + e.message;\n }\n\n var decision = {'status': 'complete'};\n if (failureReason) {\n decision.outcome = 'not provisioned';\n decision.comment = failureReason;\n decision.failure = true;\n }\n else {\n decision.outcome = 'provisioned';\n }\n\n var queryParams = { '_action': 'update'};\n openidm.action('iga/governance/requests/' + requestId, 'POST', decision, queryParams);\n logger.info(\"Request \" + requestId + \" completed.\");\n}",
- "nextStep": [
- {
- "condition": "true",
- "outcome": "done",
- "step": null
}
]
}
}, - {
- "name": "scriptTask-c58309b8c470",
- "displayName": "Reject Request",
- "type": "scriptTask",
- "scriptTask": {
- "language": "javascript",
- "script": "logger.info(\"Rejecting request\");\n\nvar content = execution.getVariables();\nvar requestId = content.get('id');\n\nlogger.info(\"Execution Content: \" + content);\nvar requestIndex = openidm.action('iga/governance/requests/' + requestId, 'GET', {}, {});\nvar decision = {'outcome': 'denied', 'status': 'complete'};\nvar queryParams = { '_action': 'update'};\nopenidm.action('iga/governance/requests/' + requestId, 'POST', decision, queryParams);",
- "nextStep": [
- {
- "condition": "true",
- "outcome": "done",
- "step": null
}
]
}
}
], - "staticNodes": {
- "startNode": {
- "id": "startNode",
- "x": 70,
- "y": 140,
- "connections": {
- "start": "approvalTask-74cf85c35437"
}
}, - "endNode": {
- "id": "endNode",
- "x": 1014,
- "y": 256,
- "connections": null
}, - "uiConfig": {
- "approvalTask-74cf85c35437": {
- "actors": [
- {
- "type": "applicationOwner",
- "id": {
- "value": "\"managed/user/\" + requestIndex.applicationOwner[0].id",
- "isExpression": true
}
}
], - "events": {
- "escalationType": "applicationOwner",
- "escalationDate": 5,
- "escalationTimeSpan": "day(s)",
- "reminderDate": 3,
- "reminderTimeSpan": "day(s)"
}, - "x": 210,
- "y": 110
}, - "scriptTask-626899b6e99a": {
- "x": 448,
- "y": 39
}, - "scriptTask-c58309b8c470": {
- "x": 456,
- "y": 120
}
}
}, - "status": "published"
}, - {
- "id": "BasicEntitlementGrant",
- "name": "BasicEntitlementGrant",
- "displayName": "BasicEntitlementGrant",
- "description": "BasicEntitlementGrant access request type.",
- "type": "provisioning",
- "steps": [
- {
- "name": "approvalTask-74cf85c35437",
- "displayName": "Approval Task",
- "type": "approvalTask",
- "approvalTask": {
- "actors": [
- {
- "id": {
- "value": "\"managed/user/\" + requestIndex.entitlementOwner[0].id ? \"managed/user/\" + requestIndex.entitlementOwner[0].id : \"managed/user/\" + requestIndex.applicationOwner[0].id",
- "isExpression": true
}, - "permissions": {
- "approve": true,
- "reject": true,
- "reassign": true,
- "modify": true,
- "comment": true
}
}
], - "events": {
- "assignment": {
- "notification": "requestAssigned"
}, - "reassign": {
- "notification": "requestReassigned"
}, - "reminder": {
- "notification": "requestReminder",
- "frequency": 3,
- "actors": [ ],
- "date": {
- "isExpression": true,
- "value": "(new Date(new Date().getTime()+(3*1*24*60*60*1000))).toISOString()"
}
}, - "escalation": {
- "notification": "requestEscalated",
- "date": {
- "isExpression": true,
- "value": "(new Date(new Date().getTime()+(5*1*24*60*60*1000))).toISOString()"
}, - "actors": [
- {
- "id": {
- "isExpression": true,
- "value": "\"managed/user/\" + requestIndex.entitlementOwner[0].id ? \"managed/user/\" + requestIndex.entitlementOwner[0].id : \"managed/user/\" + requestIndex.applicationOwner[0].id"
}
}
]
}, - "expiration": {
- "action": "reject",
- "notification": "requestExpired",
- "actors": [ ],
- "date": {
- "isExpression": true,
- "value": "(new Date(new Date().getTime()+(7*24*60*60*1000))).toISOString()"
}
}
}, - "nextStep": [
- {
- "condition": null,
- "outcome": "EXPIRATION",
- "step": null
}, - {
- "condition": null,
- "outcome": "APPROVE",
- "step": "scriptTask-3eab1948f1ec"
}, - {
- "condition": null,
- "outcome": "REJECT",
- "step": "scriptTask-aec6c36b3a45"
}
]
}
}, - {
- "name": "scriptTask-3eab1948f1ec",
- "displayName": "Entitlement Grant Validation",
- "type": "scriptTask",
- "scriptTask": {
- "language": "javascript",
- "script": "logger.info(\"Running entitlement grant request validation\");\n\nvar content = execution.getVariables();\nvar requestId = content.get('id');\nvar failureReason = null;\nvar applicationId = null;\nvar assignmentId = null;\nvar app = null;\nvar assignment = null;\nvar existingAccount = false;\n\ntry {\n var requestObj = openidm.action('iga/governance/requests/' + requestId, 'GET', {}, {});\n applicationId = requestObj.application.id;\n assignmentId = requestObj.assignment.id;\n}\ncatch (e) {\n failureReason = \"Validation failed: Error reading request with id \" + requestId;\n}\n\n// Validation 1 - Check application exists\nif (!failureReason) {\n try {\n app = openidm.read('managed/alpha_application/' + applicationId);\n if (!app) {\n failureReason = \"Validation failed: Cannot find application with id \" + applicationId;\n }\n }\n catch (e) {\n failureReason = \"Validation failed: Error reading application with id \" + applicationId + \". Error message: \" + e.message;\n }\n}\n\n// Validation 2 - Check entitlement exists\nif (!failureReason) {\n try {\n assignment = openidm.read('managed/alpha_assignment/' + assignmentId);\n if (!assignment) {\n failureReason = \"Validation failed: Cannot find assignment with id \" + assignmentId;\n }\n }\n catch (e) {\n failureReason = \"Validation failed: Error reading assignment with id \" + assignmentId + \". Error message: \" + e.message;\n }\n}\n\n// Validation 3 - Check the user has application granted\nif (!failureReason) {\n try {\n var user = openidm.read('managed/alpha_user/' + requestObj.user.id, null, [ 'effectiveApplications' ]);\n user.effectiveApplications.forEach(effectiveApp => {\n if (effectiveApp._id === applicationId) {\n existingAccount = true;\n }\n })\n }\n catch (e) {\n failureReason = \"Validation failed: Unable to check existing applications of user with id \" + requestObj.user.id + \". 
Error message: \" + e.message;\n }\n}\n\n// Validation 4 - If account does not exist, provision it\nif (!failureReason) {\n if (!existingAccount) {\n try {\n var request = requestObj.request;\n var payload = {\n \"applicationId\": applicationId,\n \"startDate\": request.common.startDate,\n \"endDate\": request.common.endDate,\n \"auditContext\": {},\n \"grantType\": \"request\"\n };\n var queryParams = {\n \"_action\": \"add\"\n }\n\n logger.info(\"Creating account: \" + payload);\n var result = openidm.action('iga/governance/user/' + request.common.userId + '/applications' , 'POST', payload,queryParams);\n }\n catch (e) {\n failureReason = \"Validation failed: Error provisioning new account to user \" + request.common.userId + \" for application \" + applicationId + \". Error message: \" + e.message;\n }\n }\n}\n\nif (failureReason) {\n logger.info(\"Validation failed: \" + failureReason);\n}\nexecution.setVariable(\"failureReason\", failureReason);",
- "nextStep": [
- {
- "condition": "true",
- "outcome": "done",
- "step": "exclusiveGateway-48e748c42994"
}
]
}
}, - {
- "name": "exclusiveGateway-48e748c42994",
- "displayName": "Validation Gateway",
- "type": "scriptTask",
- "scriptTask": {
- "language": "javascript",
- "script": "logger.info(\"This is exclusive gateway\");",
- "nextStep": [
- {
- "condition": "failureReason == null",
- "outcome": "validationFlowSuccess",
- "step": "scriptTask-0359a9d77ee2"
}, - {
- "condition": "failureReason != null",
- "outcome": "validationFlowFailure",
- "step": "scriptTask-0b56191887de"
}
]
}
}, - {
- "name": "scriptTask-0b56191887de",
- "displayName": "Entitlement Grant Validation Failure",
- "type": "scriptTask",
- "scriptTask": {
- "language": "javascript",
- "script": "var content = execution.getVariables();\nvar failureReason = content.get('failureReason');\n\nvar decision = {'outcome': 'not provisioned', 'status': 'complete', 'comment': failureReason, 'failure': true};\nvar queryParams = { '_action': 'update'};\nopenidm.action('iga/governance/requests/' + requestId, 'POST', decision, queryParams);",
- "nextStep": [
- {
- "condition": "true",
- "outcome": "done",
- "step": null
}
]
}
}, - {
- "name": "scriptTask-0359a9d77ee2",
- "displayName": "Auto Provisioning",
- "type": "scriptTask",
- "scriptTask": {
- "language": "javascript",
- "script": "logger.info(\"Auto-Provisioning\");\n\nvar content = execution.getVariables();\nvar requestId = content.get('id');\nvar failureReason = null;\n\ntry {\n var requestObj = openidm.action('iga/governance/requests/' + requestId, 'GET', {}, {});\n logger.info(\"requestObj: \" + requestObj);\n}\ncatch (e) {\n failureReason = \"Provisioning failed: Error reading request with id \" + requestId;\n}\n\nif(!failureReason) {\n try {\n var request = requestObj.request;\n var payload = {\n \"entitlementId\": request.common.entitlementId,\n \"startDate\": request.common.startDate,\n \"endDate\": request.common.endDate,\n \"auditContext\": {},\n \"grantType\": \"request\"\n };\n var queryParams = {\n \"_action\": \"add\"\n }\n\n var result = openidm.action('iga/governance/user/' + request.common.userId + '/entitlements' , 'POST', payload,queryParams);\n }\n catch (e) {\n failureReason = \"Provisioning failed: Error provisioning entitlement to user \" + request.common.userId + \" for entitlement \" + request.common.entitlementId + \". Error message: \" + e.message;\n }\n\n var decision = {'status': 'complete'};\n if (failureReason) {\n decision.outcome = 'not provisioned';\n decision.comment = failureReason;\n decision.failure = true;\n }\n else {\n decision.outcome = 'provisioned';\n }\n\n var queryParams = { '_action': 'update'};\n openidm.action('iga/governance/requests/' + requestId, 'POST', decision, queryParams);\n logger.info(\"Request \" + requestId + \" completed.\");\n}",
- "nextStep": [
- {
- "condition": "true",
- "outcome": "done",
- "step": null
}
]
}
}, - {
- "name": "scriptTask-aec6c36b3a45",
- "displayName": "Reject Request",
- "type": "scriptTask",
- "scriptTask": {
- "language": "javascript",
- "script": "logger.info(\"Rejecting request\");\n\nvar content = execution.getVariables();\nvar requestId = content.get('id');\n\nlogger.info(\"Execution Content: \" + content);\nvar requestIndex = openidm.action('iga/governance/requests/' + requestId, 'GET', {}, {});\nvar decision = {'outcome': 'denied', 'status': 'complete'};\nvar queryParams = { '_action': 'update'};\nopenidm.action('iga/governance/requests/' + requestId, 'POST', decision, queryParams);",
- "nextStep": [
- {
- "condition": "true",
- "outcome": "done",
- "step": null
}
]
}
}
], - "staticNodes": {
- "startNode": {
- "id": "startNode",
- "x": 70,
- "y": 140,
- "connections": {
- "start": "approvalTask-74cf85c35437"
}
}, - "endNode": {
- "id": "endNode",
- "x": 1262,
- "y": 513,
- "connections": null
}, - "uiConfig": {
- "approvalTask-74cf85c35437": {
- "actors": [
- {
- "type": "script",
- "id": {
- "value": "\"managed/user/\" + requestIndex.entitlementOwner[0].id ? \"managed/user/\" + requestIndex.entitlementOwner[0].id : \"managed/user/\" + requestIndex.applicationOwner[0].id",
- "isExpression": true
}
}
], - "events": {
- "escalationType": "script",
- "escalationDate": 5,
- "escalationTimeSpan": "day(s)",
- "reminderDate": 3,
- "reminderTimeSpan": "day(s)"
}, - "x": 210,
- "y": 110
}, - "scriptTask-3eab1948f1ec": {
- "x": 433,
- "y": 70.015625
}, - "exclusiveGateway-48e748c42994": {
- "x": 724,
- "y": 65.015625
}, - "scriptTask-0b56191887de": {
- "x": 978,
- "y": 165.015625
}, - "scriptTask-0359a9d77ee2": {
- "x": 957,
- "y": 72.015625
}, - "scriptTask-aec6c36b3a45": {
- "x": 430,
- "y": 165.015625
}
}
}, - "status": "published"
}, - {
- "id": "BasicEntitlementRemove",
- "name": "BasicEntitlementRemove",
- "displayName": "BasicEntitlementRemove",
- "description": "BasicEntitlementRemove access request type.",
- "type": "provisioning",
- "steps": [
- {
- "name": "approvalTask-74cf85c35437",
- "displayName": "Approval Task",
- "type": "approvalTask",
- "approvalTask": {
- "actors": [
- {
- "id": {
- "value": "\"managed/user/\" + requestIndex.entitlementOwner[0].id ? \"managed/user/\" + requestIndex.entitlementOwner[0].id : \"managed/user/\" + requestIndex.applicationOwner[0].id",
- "isExpression": true
}, - "permissions": {
- "approve": true,
- "reject": true,
- "reassign": true,
- "modify": true,
- "comment": true
}
}
], - "events": {
- "assignment": {
- "notification": "requestAssigned"
}, - "reassign": {
- "notification": "requestReassigned"
}, - "reminder": {
- "notification": "requestReminder",
- "frequency": 3,
- "actors": [ ],
- "date": {
- "isExpression": true,
- "value": "(new Date(new Date().getTime()+(3*1*24*60*60*1000))).toISOString()"
}
}, - "escalation": {
- "notification": "requestEscalated",
- "date": {
- "isExpression": true,
- "value": "(new Date(new Date().getTime()+(5*1*24*60*60*1000))).toISOString()"
}, - "actors": [
- {
- "id": {
- "isExpression": true,
- "value": "\"managed/user/\" + requestIndex.entitlementOwner[0].id ? \"managed/user/\" + requestIndex.entitlementOwner[0].id : \"managed/user/\" + requestIndex.applicationOwner[0].id"
}
}
]
}, - "expiration": {
- "action": "reject",
- "notification": "requestExpired",
- "actors": [ ],
- "date": {
- "isExpression": true,
- "value": "(new Date(new Date().getTime()+(7*24*60*60*1000))).toISOString()"
}
}
}, - "nextStep": [
- {
- "condition": null,
- "outcome": "EXPIRATION",
- "step": null
}, - {
- "condition": null,
- "outcome": "REJECT",
- "step": "scriptTask-aec6c36b3a45"
}, - {
- "condition": null,
- "outcome": "APPROVE",
- "step": "scriptTask-0359a9d77ee2"
}
]
}
}, - {
- "name": "scriptTask-0359a9d77ee2",
- "displayName": "Auto Deprovisioning",
- "type": "scriptTask",
- "scriptTask": {
- "language": "javascript",
- "script": "logger.info(\"Auto-Deprovisioning\");\n\nvar content = execution.getVariables();\nvar requestId = content.get('id');\nvar failureReason = null;\n\ntry {\n var requestObj = openidm.action('iga/governance/requests/' + requestId, 'GET', {}, {});\n logger.info(\"requestObj: \" + requestObj);\n}\ncatch (e) {\n failureReason = \"Deprovisioning failed: Error reading request with id \" + requestId;\n}\n\nif(!failureReason) {\n try {\n var request = requestObj.request;\n var payload = {\n \"entitlementId\": request.common.entitlementId,\n \"startDate\": request.common.startDate,\n \"endDate\": request.common.endDate,\n \"auditContext\": {},\n \"grantType\": \"request\"\n };\n var queryParams = {\n \"_action\": \"remove\"\n }\n\n var result = openidm.action('iga/governance/user/' + request.common.userId + '/entitlements' , 'POST', payload,queryParams);\n }\n catch (e) {\n failureReason = \"Deprovisioning failed: Error deprovisioning entitlement to user \" + request.common.userId + \" for entitlement \" + request.common.entitlementId + \". Error message: \" + e.message;\n }\n\n var decision = {'status': 'complete'};\n if (failureReason) {\n decision.outcome = 'not provisioned';\n decision.comment = failureReason;\n decision.failure = true;\n }\n else {\n decision.outcome = 'provisioned';\n }\n\n var queryParams = { '_action': 'update'};\n openidm.action('iga/governance/requests/' + requestId, 'POST', decision, queryParams);\n logger.info(\"Request \" + requestId + \" completed.\");\n}",
- "nextStep": [
- {
- "condition": "true",
- "outcome": "done",
- "step": null
}
]
}
}, - {
- "name": "scriptTask-aec6c36b3a45",
- "displayName": "Reject Request",
- "type": "scriptTask",
- "scriptTask": {
- "language": "javascript",
- "script": "logger.info(\"Rejecting request\");\n\nvar content = execution.getVariables();\nvar requestId = content.get('id');\n\nlogger.info(\"Execution Content: \" + content);\nvar requestIndex = openidm.action('iga/governance/requests/' + requestId, 'GET', {}, {});\nvar decision = {'outcome': 'denied', 'status': 'complete'};\nvar queryParams = { '_action': 'update'};\nopenidm.action('iga/governance/requests/' + requestId, 'POST', decision, queryParams);",
- "nextStep": [
- {
- "condition": "true",
- "outcome": "done",
- "step": null
}
]
}
}
], - "staticNodes": {
- "startNode": {
- "id": "startNode",
- "x": 70,
- "y": 140,
- "connections": {
- "start": "approvalTask-74cf85c35437"
}
}, - "endNode": {
- "id": "endNode",
- "x": 1037,
- "y": 169,
- "connections": null
}, - "uiConfig": {
- "approvalTask-74cf85c35437": {
- "actors": [
- {
- "type": "script",
- "id": {
- "value": "\"managed/user/\" + requestIndex.entitlementOwner[0].id ? \"managed/user/\" + requestIndex.entitlementOwner[0].id : \"managed/user/\" + requestIndex.applicationOwner[0].id",
- "isExpression": true
}
}
], - "events": {
- "escalationType": "script",
- "escalationDate": 5,
- "escalationTimeSpan": "day(s)",
- "reminderDate": 3,
- "reminderTimeSpan": "day(s)"
}, - "x": 210,
- "y": 110
}, - "scriptTask-0359a9d77ee2": {
- "x": 438,
- "y": 42.015625
}, - "scriptTask-aec6c36b3a45": {
- "x": 432,
- "y": 127.015625
}
}
}, - "status": "published"
}, - {
- "id": "BasicRoleGrant",
- "name": "BasicRoleGrant",
- "displayName": "BasicRoleGrant",
- "description": "BasicRoleGrant access request type.",
- "type": "provisioning",
- "steps": [
- {
- "name": "approvalTask-74cf85c35437",
- "displayName": "Approval Task",
- "type": "approvalTask",
- "approvalTask": {
- "actors": [
- {
- "id": {
- "value": "(function() {\n var systemSettings = openidm.action('iga/commons/config/iga_access_request', 'GET', {}, {});\n var approver = null;\n if (requestIndex.roleOwner && requestIndex.roleOwner[0]) {\n approver = \"managed/user/\" + requestIndex.roleOwner[0].id;\n } else if (systemSettings && systemSettings.defaultApprover) {\n approver = systemSettings.defaultApprover;\n }\nreturn approver;\n})()",
- "isExpression": true
}, - "permissions": {
- "approve": true,
- "reject": true,
- "reassign": true,
- "modify": true,
- "comment": true
}
}
], - "events": {
- "assignment": {
- "notification": "requestAssigned"
}, - "reassign": {
- "notification": "requestReassigned"
}, - "reminder": {
- "notification": "requestReminder",
- "frequency": 3,
- "actors": [ ],
- "date": {
- "isExpression": true,
- "value": "(new Date(new Date().getTime()+(3*1*24*60*60*1000))).toISOString()"
}
}, - "escalation": {
- "notification": "requestEscalated",
- "date": {
- "isExpression": true,
- "value": "(new Date(new Date().getTime()+(5*1*24*60*60*1000))).toISOString()"
}, - "actors": [
- {
- "id": {
- "value": "(function() {\n var systemSettings = openidm.action('iga/commons/config/iga_access_request', 'GET', {}, {});\n var approver = null;\n if (requestIndex.roleOwner && requestIndex.roleOwner[0]) {\n approver = \"managed/user/\" + requestIndex.roleOwner[0].id;\n } else if (systemSettings && systemSettings.defaultApprover) {\n approver = systemSettings.defaultApprover;\n }\nreturn approver;\n})()",
- "isExpression": true
}
}
]
}, - "expiration": {
- "action": "reject",
- "notification": "requestExpired",
- "actors": [ ],
- "date": {
- "isExpression": true,
- "value": "(new Date(new Date().getTime()+(7*24*60*60*1000))).toISOString()"
}
}
}, - "nextStep": [
- {
- "condition": null,
- "outcome": "EXPIRATION",
- "step": null
}, - {
- "condition": null,
- "outcome": "APPROVE",
- "step": "scriptTask-3eab1948f1ec"
}, - {
- "condition": null,
- "outcome": "REJECT",
- "step": "scriptTask-aec6c36b3a45"
}
]
}
}, - {
- "name": "scriptTask-3eab1948f1ec",
- "displayName": "Role Grant Validation",
- "type": "scriptTask",
- "scriptTask": {
- "language": "javascript",
- "script": "logger.info(\"Running role grant request validation\");\n\nvar content = execution.getVariables();\nvar requestId = content.get('id');\nvar failureReason = null;\nvar roleId = null;\nvar role = null;\n\ntry {\n var requestObj = openidm.action('iga/governance/requests/' + requestId, 'GET', {}, {});\n roleId = requestObj.role.id;\n}\ncatch (e) {\n failureReason = \"Validation failed: Error reading request with id \" + requestId;\n}\n\n// Validation 1 - Check role exists\nif (!failureReason) {\n try {\n role = openidm.read('managed/alpha_role/' + roleId);\n if (!role) {\n failureReason = \"Validation failed: Cannot find role with id \" + roleId;\n }\n }\n catch (e) {\n failureReason = \"Validation failed: Error reading role with id \" + roleId + \". Error message: \" + e.message;\n }\n}\n\nif (failureReason) {\n logger.info(\"Validation failed: \" + failureReason);\n}\nexecution.setVariable(\"failureReason\", failureReason);",
- "nextStep": [
- {
- "condition": "true",
- "outcome": "done",
- "step": "exclusiveGateway-48e748c42994"
}
]
}
}, - {
- "name": "exclusiveGateway-48e748c42994",
- "displayName": "Validation Gateway",
- "type": "scriptTask",
- "scriptTask": {
- "language": "javascript",
- "script": "logger.info(\"This is exclusive gateway\");",
- "nextStep": [
- {
- "condition": "failureReason == null",
- "outcome": "validationFlowSuccess",
- "step": "scriptTask-0359a9d77ee2"
}, - {
- "condition": "failureReason != null",
- "outcome": "validationFlowFailure",
- "step": "scriptTask-0b56191887de"
}
]
}
}, - {
- "name": "scriptTask-0b56191887de",
- "displayName": "Role Grant Validation Failure",
- "type": "scriptTask",
- "scriptTask": {
- "language": "javascript",
- "script": "var content = execution.getVariables();\nvar failureReason = content.get('failureReason');\n\nvar decision = {'outcome': 'not provisioned', 'status': 'complete', 'comment': failureReason, 'failure': true};\nvar queryParams = { '_action': 'update'};\nopenidm.action('iga/governance/requests/' + requestId, 'POST', decision, queryParams);",
- "nextStep": [
- {
- "condition": "true",
- "outcome": "done",
- "step": null
}
]
}
}, - {
- "name": "scriptTask-0359a9d77ee2",
- "displayName": "Auto Provisioning",
- "type": "scriptTask",
- "scriptTask": {
- "language": "javascript",
- "script": "logger.info(\"Auto-Provisioning\");\n\nvar content = execution.getVariables();\nvar requestId = content.get('id');\nvar failureReason = null;\n\ntry {\n var requestObj = openidm.action('iga/governance/requests/' + requestId, 'GET', {}, {});\n logger.info(\"requestObj: \" + requestObj);\n}\ncatch (e) {\n failureReason = \"Provisioning failed: Error reading request with id \" + requestId;\n}\n\nif(!failureReason) {\n try {\n var request = requestObj.request;\n var payload = {\n \"roleId\": request.common.roleId,\n \"startDate\": request.common.startDate,\n \"endDate\": request.common.endDate,\n \"auditContext\": {},\n \"grantType\": \"request\"\n };\n var queryParams = {\n \"_action\": \"add\"\n }\n\n var result = openidm.action('iga/governance/user/' + request.common.userId + '/roles' , 'POST', payload,queryParams);\n }\n catch (e) {\n failureReason = \"Provisioning failed: Error provisioning role to user \" + request.common.userId + \" for role \" + request.common.roleId + \". Error message: \" + e.message;\n }\n\n var decision = {'status': 'complete'};\n if (failureReason) {\n decision.outcome = 'not provisioned';\n decision.comment = failureReason;\n decision.failure = true;\n }\n else {\n decision.outcome = 'provisioned';\n }\n\n var queryParams = { '_action': 'update'};\n openidm.action('iga/governance/requests/' + requestId, 'POST', decision, queryParams);\n logger.info(\"Request \" + requestId + \" completed.\");\n}",
- "nextStep": [
- {
- "condition": "true",
- "outcome": "done",
- "step": null
}
]
}
}, - {
- "name": "scriptTask-aec6c36b3a45",
- "displayName": "Reject Request",
- "type": "scriptTask",
- "scriptTask": {
- "language": "javascript",
- "script": "logger.info(\"Rejecting request\");\n\nvar content = execution.getVariables();\nvar requestId = content.get('id');\n\nlogger.info(\"Execution Content: \" + content);\nvar requestIndex = openidm.action('iga/governance/requests/' + requestId, 'GET', {}, {});\nvar decision = {'outcome': 'denied', 'status': 'complete'};\nvar queryParams = { '_action': 'update'};\nopenidm.action('iga/governance/requests/' + requestId, 'POST', decision, queryParams);",
- "nextStep": [
- {
- "condition": "true",
- "outcome": "done",
- "step": null
}
]
}
}
], - "staticNodes": {
- "startNode": {
- "id": "startNode",
- "x": 70,
- "y": 140,
- "connections": {
- "start": "approvalTask-74cf85c35437"
}
}, - "endNode": {
- "id": "endNode",
- "x": 1314,
- "y": 456,
- "connections": null
}, - "uiConfig": {
- "approvalTask-74cf85c35437": {
- "actors": [
- {
- "type": "script",
- "id": {
- "value": "(function() {\n var systemSettings = openidm.action('iga/commons/config/iga_access_request', 'GET', {}, {});\n var approver = null;\n if (requestIndex.roleOwner && requestIndex.roleOwner[0]) {\n approver = \"managed/user/\" + requestIndex.roleOwner[0].id;\n } else if (systemSettings && systemSettings.defaultApprover) {\n approver = systemSettings.defaultApprover;\n }\nreturn approver;\n})();",
- "isExpression": true
}
}
], - "events": {
- "escalationType": "script",
- "escalationDate": 5,
- "escalationTimeSpan": "day(s)",
- "reminderDate": 3,
- "reminderTimeSpan": "day(s)"
}, - "x": 210,
- "y": 110
}, - "scriptTask-3eab1948f1ec": {
- "x": 433,
- "y": 70.015625
}, - "exclusiveGateway-48e748c42994": {
- "x": 724,
- "y": 65.015625
}, - "scriptTask-0b56191887de": {
- "x": 978,
- "y": 165.015625
}, - "scriptTask-0359a9d77ee2": {
- "x": 957,
- "y": 72.015625
}, - "scriptTask-aec6c36b3a45": {
- "x": 430,
- "y": 165.015625
}
}
}, - "status": "published"
}, - {
- "id": "BasicRoleRemove",
- "name": "BasicRoleRemove",
- "displayName": "BasicRoleRemove",
- "description": "BasicRoleRemove access request type.",
- "type": "provisioning",
- "steps": [
- {
- "name": "approvalTask-74cf85c35437",
- "displayName": "Approval Task",
- "type": "approvalTask",
- "approvalTask": {
- "actors": [
- {
- "id": {
- "value": "(function() {\n var systemSettings = openidm.action('iga/commons/config/iga_access_request', 'GET', {}, {});\n var approver = null;\n if (requestIndex.roleOwner && requestIndex.roleOwner[0]) {\n approver = \"managed/user/\" + requestIndex.roleOwner[0].id;\n } else if (systemSettings && systemSettings.defaultApprover) {\n approver = systemSettings.defaultApprover;\n }\nreturn approver;\n})()",
- "isExpression": true
}, - "permissions": {
- "approve": true,
- "reject": true,
- "reassign": true,
- "modify": true,
- "comment": true
}
}
], - "events": {
- "assignment": {
- "notification": "requestAssigned"
}, - "reassign": {
- "notification": "requestReassigned"
}, - "reminder": {
- "notification": "requestReminder",
- "frequency": 3,
- "actors": [ ],
- "date": {
- "isExpression": true,
- "value": "(new Date(new Date().getTime()+(3*1*24*60*60*1000))).toISOString()"
}
}, - "escalation": {
- "notification": "requestEscalated",
- "date": {
- "isExpression": true,
- "value": "(new Date(new Date().getTime()+(5*1*24*60*60*1000))).toISOString()"
}, - "actors": [
- {
- "id": {
- "value": "(function() {\n var systemSettings = openidm.action('iga/commons/config/iga_access_request', 'GET', {}, {});\n var approver = null;\n if (requestIndex.roleOwner && requestIndex.roleOwner[0]) {\n approver = \"managed/user/\" + requestIndex.roleOwner[0].id;\n } else if (systemSettings && systemSettings.defaultApprover) {\n approver = systemSettings.defaultApprover;\n }\nreturn approver;\n})()",
- "isExpression": true
}
}
]
}, - "expiration": {
- "action": "reject",
- "notification": "requestExpired",
- "actors": [ ],
- "date": {
- "isExpression": true,
- "value": "(new Date(new Date().getTime()+(7*24*60*60*1000))).toISOString()"
}
}
}, - "nextStep": [
- {
- "condition": null,
- "outcome": "EXPIRATION",
- "step": null
}, - {
- "condition": null,
- "outcome": "REJECT",
- "step": "scriptTask-aec6c36b3a45"
}, - {
- "condition": null,
- "outcome": "APPROVE",
- "step": "scriptTask-0359a9d77ee2"
}
]
}
}, - {
- "name": "scriptTask-0359a9d77ee2",
- "displayName": "Auto Deprovisioning",
- "type": "scriptTask",
- "scriptTask": {
- "language": "javascript",
- "script": "logger.info(\"Auto-Deprovisioning\");\n\nvar content = execution.getVariables();\nvar requestId = content.get('id');\nvar failureReason = null;\n\ntry {\n var requestObj = openidm.action('iga/governance/requests/' + requestId, 'GET', {}, {});\n logger.info(\"requestObj: \" + requestObj);\n}\ncatch (e) {\n failureReason = \"Deprovisioning failed: Error reading request with id \" + requestId;\n}\n\nif(!failureReason) {\n try {\n var request = requestObj.request;\n var payload = {\n \"roleId\": request.common.roleId,\n \"startDate\": request.common.startDate,\n \"endDate\": request.common.endDate,\n \"auditContext\": {},\n \"grantType\": \"request\"\n };\n var queryParams = {\n \"_action\": \"remove\"\n }\n\n var result = openidm.action('iga/governance/user/' + request.common.userId + '/roles' , 'POST', payload,queryParams);\n }\n catch (e) {\n failureReason = \"Deprovisioning failed: Error deprovisioning role to user \" + request.common.userId + \" for role \" + request.common.roleId + \". Error message: \" + e.message;\n }\n\n var decision = {'status': 'complete'};\n if (failureReason) {\n decision.outcome = 'not provisioned';\n decision.comment = failureReason;\n decision.failure = true;\n }\n else {\n decision.outcome = 'provisioned';\n }\n\n var queryParams = { '_action': 'update'};\n openidm.action('iga/governance/requests/' + requestId, 'POST', decision, queryParams);\n logger.info(\"Request \" + requestId + \" completed.\");\n}",
- "nextStep": [
- {
- "condition": "true",
- "outcome": "done",
- "step": null
}
]
}
}, - {
- "name": "scriptTask-aec6c36b3a45",
- "displayName": "Reject Request",
- "type": "scriptTask",
- "scriptTask": {
- "language": "javascript",
- "script": "logger.info(\"Rejecting request\");\n\nvar content = execution.getVariables();\nvar requestId = content.get('id');\n\nlogger.info(\"Execution Content: \" + content);\nvar requestIndex = openidm.action('iga/governance/requests/' + requestId, 'GET', {}, {});\nvar decision = {'outcome': 'denied', 'status': 'complete'};\nvar queryParams = { '_action': 'update'};\nopenidm.action('iga/governance/requests/' + requestId, 'POST', decision, queryParams);",
- "nextStep": [
- {
- "condition": "true",
- "outcome": "done",
- "step": null
}
]
}
}
], - "staticNodes": {
- "startNode": {
- "id": "startNode",
- "x": 70,
- "y": 140,
- "connections": {
- "start": "approvalTask-74cf85c35437"
}
}, - "endNode": {
- "id": "endNode",
- "x": 1037,
- "y": 169,
- "connections": null
}, - "uiConfig": {
- "approvalTask-74cf85c35437": {
- "actors": [
- {
- "type": "script",
- "id": {
- "value": "(function() {\n var systemSettings = openidm.action('iga/commons/config/iga_access_request', 'GET', {}, {});\n var approver = null;\n if (requestIndex.roleOwner && requestIndex.roleOwner[0]) {\n approver = \"managed/user/\" + requestIndex.roleOwner[0].id;\n } else if (systemSettings && systemSettings.defaultApprover) {\n approver = systemSettings.defaultApprover;\n }\nreturn approver;\n})();",
- "isExpression": true
}
}
], - "events": {
- "escalationType": "script",
- "escalationDate": 5,
- "escalationTimeSpan": "day(s)",
- "reminderDate": 3,
- "reminderTimeSpan": "day(s)"
}, - "x": 210,
- "y": 110
}, - "scriptTask-0359a9d77ee2": {
- "x": 438,
- "y": 42.015625
}, - "scriptTask-aec6c36b3a45": {
- "x": 432,
- "y": 127.015625
}
}
}, - "status": "published"
}
], - "totalHits": 6,
- "searchAfterKey": "CoQBEn5qInp1d35mci1zaGQ2OWt3OXU4eWxnYWs4ZWUyd2YxMnF4MTNyWAsSBnN0YXR1cyIJcHVibGlzaGVkDAsSLmF1dG9ub21vdXMtaWFtX29yY2hlc3RyYXRpb25fZGVmaW5pdGlvbl9sYXRlc3QiD0Jhc2ljUm9sZVJlbW92ZQwYACAA"
}
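Create or publish an orchestration definition (workflow). The `script` and expression `value` fields of each step carry JavaScript that the workflow runs (the examples below call `openidm.action` to provision access and update requests), so limit who may create or publish definitions and review script changes before publishing.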
_action required | string Enum: "create" "validate" "publish" Action to be performed for requests endpoint. |
id | string ID of the orchestration definition. It must be one of the 6 seeded definitions. |
name | string Name of the orchestration definition. It must be one of the 6 seeded definitions. |
displayName | string The name that displays for the orchestration definition. |
description | string The description of the orchestration definition. |
type | string Value: "provisioning" Provisioning is the only available type. |
steps | Array of any The order of steps. The first element in the steps array is the first step of the workflow. |
{- "id": "BasicApplicationGrant",
- "name": "BasicApplicationGrant",
- "displayName": "BasicApplicationGrant",
- "description": "BasicApplicationGrant access request type.",
- "type": "provisioning",
- "steps": [
- {
- "name": "approvalTask-74cf85c35437",
- "displayName": "Approval Task",
- "type": "approvalTask",
- "approvalTask": {
- "actors": [
- {
- "id": {
- "value": "\"managed/user/\" + requestIndex.applicationOwner[0].id",
- "isExpression": true
}, - "permissions": {
- "approve": true,
- "reject": true,
- "reassign": true,
- "modify": true,
- "comment": true
}
}
], - "events": {
- "assignment": {
- "notification": "requestAssigned"
}, - "reassign": {
- "notification": "requestReassigned"
}, - "reminder": {
- "notification": "requestReminder",
- "frequency": 3,
- "actors": [ ],
- "date": {
- "isExpression": true,
- "value": "(new Date(new Date().getTime()+(3*1*24*60*60*1000))).toISOString()"
}
}, - "escalation": {
- "notification": "requestEscalated",
- "date": {
- "isExpression": true,
- "value": "(new Date(new Date().getTime()+(5*1*24*60*60*1000))).toISOString()"
}, - "actors": [
- {
- "id": {
- "value": "\"managed/user/\" + requestIndex.applicationOwner[0].id",
- "isExpression": true
}
}
]
}, - "expiration": {
- "action": "reject",
- "notification": "requestExpired",
- "actors": [ ],
- "date": {
- "isExpression": true,
- "value": "(new Date(new Date().getTime()+(7*24*60*60*1000))).toISOString()"
}
}
}, - "nextStep": [
- {
- "condition": null,
- "outcome": "APPROVE",
- "step": "scriptTask-626899b6e99a"
}, - {
- "condition": null,
- "outcome": "REJECT",
- "step": "scriptTask-c58309b8c470"
}, - {
- "condition": null,
- "outcome": "EXPIRATION",
- "step": null
}
]
}
}, - {
- "name": "scriptTask-626899b6e99a",
- "displayName": "Application Grant Validation",
- "type": "scriptTask",
- "scriptTask": {
- "language": "javascript",
- "script": "logger.info(\"Running application grant request validation\");\n\nvar content = execution.getVariables();\nvar requestId = content.get('id');\nvar failureReason = null;\nvar applicationId = null;\nvar app = null;\n\ntry {\n var requestObj = openidm.action('iga/governance/requests/' + requestId, 'GET', {}, {});\n applicationId = requestObj.application.id;\n}\ncatch (e) {\n failureReason = \"Validation failed: Error reading request with id \" + requestId;\n}\n\n// Validation 1 - Check application exists\nif (!failureReason) {\n try {\n app = openidm.read('managed/alpha_application/' + applicationId);\n if (!app) {\n failureReason = \"Validation failed: Cannot find application with id \" + applicationId;\n }\n }\n catch (e) {\n failureReason = \"Validation failed: Error reading application with id \" + applicationId + \". Error message: \" + e.message;\n }\n}\n\n// Validation 2 - Check the user does not already have application granted\n// Note: this is done at request submission time as well, the following is an example of how to check user's accounts\nif (!failureReason) {\n try {\n var user = openidm.read('managed/alpha_user/' + requestObj.user.id, null, [ 'effectiveApplications' ]);\n user.effectiveApplications.forEach(effectiveApp => {\n if (effectiveApp._id === applicationId) {\n failureReason = \"Validation failed: User with id \" + requestObj.user.id + \" already has effective application \" + applicationId;\n }\n })\n }\n catch (e) {\n failureReason = \"Validation failed: Unable to check effective applications of user with id \" + requestObj.user.id + \". Error message: \" + e.message;\n }\n}\n\nif (failureReason) {\n logger.info(\"Validation failed: \" + failureReason);\n}\nexecution.setVariable(\"failureReason\", failureReason);",
- "nextStep": [
- {
- "condition": "true",
- "outcome": "done",
- "step": "exclusiveGateway-5167870154a9"
}
]
}
}, - {
- "name": "scriptTask-c58309b8c470",
- "displayName": "Reject Request",
- "type": "scriptTask",
- "scriptTask": {
- "language": "javascript",
- "script": "logger.info(\"Rejecting request\");\n\nvar content = execution.getVariables();\nvar requestId = content.get('id');\n\nlogger.info(\"Execution Content: \" + content);\nvar requestIndex = openidm.action('iga/governance/requests/' + requestId, 'GET', {}, {});\nvar decision = {'outcome': 'denied', 'status': 'complete'};\nvar queryParams = { '_action': 'update'};\nopenidm.action('iga/governance/requests/' + requestId, 'POST', decision, queryParams);",
- "nextStep": [
- {
- "condition": "true",
- "outcome": "done",
- "step": null
}
]
}
}, - {
- "name": "exclusiveGateway-5167870154a9",
- "displayName": "Validation Gateway",
- "type": "scriptTask",
- "scriptTask": {
- "language": "javascript",
- "script": "logger.info(\"This is exclusive gateway\");",
- "nextStep": [
- {
- "condition": "failureReason == null",
- "outcome": "validationSuccess",
- "step": "scriptTask-3a74557440fb"
}, - {
- "condition": "failureReason != null",
- "outcome": "validationFailure",
- "step": "scriptTask-744ef6a8b9a2"
}
]
}
}, - {
- "name": "scriptTask-3a74557440fb",
- "displayName": "Auto Provisioning",
- "type": "scriptTask",
- "scriptTask": {
- "language": "javascript",
- "script": "logger.info(\"Auto-Provisioning\");\n\nvar content = execution.getVariables();\nvar requestId = content.get('id');\nvar failureReason = null;\n\ntry {\n var requestObj = openidm.action('iga/governance/requests/' + requestId, 'GET', {}, {});\n logger.info(\"requestObj: \" + requestObj);\n}\ncatch (e) {\n failureReason = \"Provisioning failed: Error reading request with id \" + requestId;\n}\n\nif(!failureReason) {\n try {\n var request = requestObj.request;\n var payload = {\n \"applicationId\": request.common.applicationId,\n \"startDate\": request.common.startDate,\n \"endDate\": request.common.endDate,\n \"auditContext\": {},\n \"grantType\": \"request\"\n };\n var queryParams = {\n \"_action\": \"add\"\n }\n\n logger.info(\"Creating account: \" + payload);\n var result = openidm.action('iga/governance/user/' + request.common.userId + '/applications' , 'POST', payload,queryParams);\n }\n catch (e) {\n failureReason = \"Provisioning failed: Error provisioning account to user \" + request.common.userId + \" for application \" + request.common.applicationId + \". Error message: \" + e.message;\n }\n\n var decision = {'status': 'complete'};\n if (failureReason) {\n decision.outcome = 'not provisioned';\n decision.comment = failureReason;\n decision.failure = true;\n }\n else {\n decision.outcome = 'provisioned';\n }\n\n var queryParams = { '_action': 'update'};\n openidm.action('iga/governance/requests/' + requestId, 'POST', decision, queryParams);\n logger.info(\"Request \" + requestId + \" completed.\");\n}",
- "nextStep": [
- {
- "condition": "true",
- "outcome": "done",
- "step": null
}
]
}
}, - {
- "name": "scriptTask-744ef6a8b9a2",
- "displayName": "Application Grant Validation Failure",
- "type": "scriptTask",
- "scriptTask": {
- "language": "javascript",
- "script": "var content = execution.getVariables();\nvar failureReason = content.get('failureReason');\n\nvar decision = {'outcome': 'not provisioned', 'status': 'complete', 'comment': failureReason, 'failure': true};\nvar queryParams = { '_action': 'update'};\nopenidm.action('iga/governance/requests/' + requestId, 'POST', decision, queryParams);",
- "nextStep": [
- {
- "condition": "true",
- "outcome": "done",
- "step": null
}
]
}
}
], - "staticNodes": {
- "startNode": {
- "id": "startNode",
- "x": 70,
- "y": 140,
- "connections": {
- "start": "approvalTask-74cf85c35437"
}
}, - "endNode": {
- "id": "endNode",
- "x": 1288,
- "y": 521,
- "connections": null
}, - "uiConfig": {
- "approvalTask-74cf85c35437": {
- "actors": [
- {
- "type": "applicationOwner",
- "id": {
- "value": "\"managed/user/\" + requestIndex.applicationOwner[0].id",
- "isExpression": true
}
}
], - "events": {
- "escalationType": "applicationOwner",
- "escalationDate": 5,
- "escalationTimeSpan": "day(s)",
- "reminderDate": 3,
- "reminderTimeSpan": "day(s)"
}, - "x": 210,
- "y": 110
}, - "scriptTask-626899b6e99a": {
- "x": 440,
- "y": 80
}, - "scriptTask-c58309b8c470": {
- "x": 464,
- "y": 164
}, - "exclusiveGateway-5167870154a9": {
- "x": 740,
- "y": 78
}, - "scriptTask-3a74557440fb": {
- "x": 981,
- "y": 80.5
}, - "scriptTask-744ef6a8b9a2": {
- "x": 955,
- "y": 193.015625
}
}
}
}
{- "id": "BasicApplicationGrant",
- "name": "BasicApplicationGrant",
- "displayName": "BasicApplicationGrant",
- "description": "BasicApplicationGrant access request type.",
- "type": "provisioning",
- "steps": [
- {
- "name": "approvalTask-74cf85c35437",
- "displayName": "Approval Task",
- "type": "approvalTask",
- "approvalTask": {
- "actors": [
- {
- "id": {
- "value": "\"managed/user/\" + requestIndex.applicationOwner[0].id",
- "isExpression": true
}, - "permissions": {
- "approve": true,
- "reject": true,
- "reassign": true,
- "modify": true,
- "comment": true
}
}
], - "events": {
- "assignment": {
- "notification": "requestAssigned"
}, - "reassign": {
- "notification": "requestReassigned"
}, - "reminder": {
- "notification": "requestReminder",
- "frequency": 3,
- "actors": [ ],
- "date": {
- "isExpression": true,
- "value": "(new Date(new Date().getTime()+(3*1*24*60*60*1000))).toISOString()"
}
}, - "escalation": {
- "notification": "requestEscalated",
- "date": {
- "isExpression": true,
- "value": "(new Date(new Date().getTime()+(5*1*24*60*60*1000))).toISOString()"
}, - "actors": [
- {
- "id": {
- "value": "\"managed/user/\" + requestIndex.applicationOwner[0].id",
- "isExpression": true
}
}
]
}, - "expiration": {
- "action": "reject",
- "notification": "requestExpired",
- "actors": [ ],
- "date": {
- "isExpression": true,
- "value": "(new Date(new Date().getTime()+(7*24*60*60*1000))).toISOString()"
}
}
}, - "nextStep": [
- {
- "condition": null,
- "outcome": "APPROVE",
- "step": "scriptTask-626899b6e99a"
}, - {
- "condition": null,
- "outcome": "REJECT",
- "step": "scriptTask-c58309b8c470"
}, - {
- "condition": null,
- "outcome": "EXPIRATION",
- "step": null
}
]
}
}, - {
- "name": "scriptTask-626899b6e99a",
- "displayName": "Application Grant Validation",
- "type": "scriptTask",
- "scriptTask": {
- "language": "javascript",
- "script": "logger.info(\"Running application grant request validation\");\n\nvar content = execution.getVariables();\nvar requestId = content.get('id');\nvar failureReason = null;\nvar applicationId = null;\nvar app = null;\n\ntry {\n var requestObj = openidm.action('iga/governance/requests/' + requestId, 'GET', {}, {});\n applicationId = requestObj.application.id;\n}\ncatch (e) {\n failureReason = \"Validation failed: Error reading request with id \" + requestId;\n}\n\n// Validation 1 - Check application exists\nif (!failureReason) {\n try {\n app = openidm.read('managed/alpha_application/' + applicationId);\n if (!app) {\n failureReason = \"Validation failed: Cannot find application with id \" + applicationId;\n }\n }\n catch (e) {\n failureReason = \"Validation failed: Error reading application with id \" + applicationId + \". Error message: \" + e.message;\n }\n}\n\n// Validation 2 - Check the user does not already have application granted\n// Note: this is done at request submission time as well, the following is an example of how to check user's accounts\nif (!failureReason) {\n try {\n var user = openidm.read('managed/alpha_user/' + requestObj.user.id, null, [ 'effectiveApplications' ]);\n user.effectiveApplications.forEach(effectiveApp => {\n if (effectiveApp._id === applicationId) {\n failureReason = \"Validation failed: User with id \" + requestObj.user.id + \" already has effective application \" + applicationId;\n }\n })\n }\n catch (e) {\n failureReason = \"Validation failed: Unable to check effective applications of user with id \" + requestObj.user.id + \". Error message: \" + e.message;\n }\n}\n\nif (failureReason) {\n logger.info(\"Validation failed: \" + failureReason);\n}\nexecution.setVariable(\"failureReason\", failureReason);",
- "nextStep": [
- {
- "condition": "true",
- "outcome": "done",
- "step": "exclusiveGateway-5167870154a9"
}
]
}
}, - {
- "name": "scriptTask-c58309b8c470",
- "displayName": "Reject Request",
- "type": "scriptTask",
- "scriptTask": {
- "language": "javascript",
- "script": "logger.info(\"Rejecting request\");\n\nvar content = execution.getVariables();\nvar requestId = content.get('id');\n\nlogger.info(\"Execution Content: \" + content);\nvar requestIndex = openidm.action('iga/governance/requests/' + requestId, 'GET', {}, {});\nvar decision = {'outcome': 'denied', 'status': 'complete'};\nvar queryParams = { '_action': 'update'};\nopenidm.action('iga/governance/requests/' + requestId, 'POST', decision, queryParams);",
- "nextStep": [
- {
- "condition": "true",
- "outcome": "done",
- "step": null
}
]
}
}, - {
- "name": "exclusiveGateway-5167870154a9",
- "displayName": "Validation Gateway",
- "type": "scriptTask",
- "scriptTask": {
- "language": "javascript",
- "script": "logger.info(\"This is exclusive gateway\");",
- "nextStep": [
- {
- "condition": "failureReason == null",
- "outcome": "validationSuccess",
- "step": "scriptTask-3a74557440fb"
}, - {
- "condition": "failureReason != null",
- "outcome": "validationFailure",
- "step": "scriptTask-744ef6a8b9a2"
}
]
}
}, - {
- "name": "scriptTask-3a74557440fb",
- "displayName": "Auto Provisioning",
- "type": "scriptTask",
- "scriptTask": {
- "language": "javascript",
- "script": "logger.info(\"Auto-Provisioning\");\n\nvar content = execution.getVariables();\nvar requestId = content.get('id');\nvar failureReason = null;\n\ntry {\n var requestObj = openidm.action('iga/governance/requests/' + requestId, 'GET', {}, {});\n logger.info(\"requestObj: \" + requestObj);\n}\ncatch (e) {\n failureReason = \"Provisioning failed: Error reading request with id \" + requestId;\n}\n\nif(!failureReason) {\n try {\n var request = requestObj.request;\n var payload = {\n \"applicationId\": request.common.applicationId,\n \"startDate\": request.common.startDate,\n \"endDate\": request.common.endDate,\n \"auditContext\": {},\n \"grantType\": \"request\"\n };\n var queryParams = {\n \"_action\": \"add\"\n }\n\n logger.info(\"Creating account: \" + payload);\n var result = openidm.action('iga/governance/user/' + request.common.userId + '/applications' , 'POST', payload,queryParams);\n }\n catch (e) {\n failureReason = \"Provisioning failed: Error provisioning account to user \" + request.common.userId + \" for application \" + request.common.applicationId + \". Error message: \" + e.message;\n }\n\n var decision = {'status': 'complete'};\n if (failureReason) {\n decision.outcome = 'not provisioned';\n decision.comment = failureReason;\n decision.failure = true;\n }\n else {\n decision.outcome = 'provisioned';\n }\n\n var queryParams = { '_action': 'update'};\n openidm.action('iga/governance/requests/' + requestId, 'POST', decision, queryParams);\n logger.info(\"Request \" + requestId + \" completed.\");\n}",
- "nextStep": [
- {
- "condition": "true",
- "outcome": "done",
- "step": null
}
]
}
}, - {
- "name": "scriptTask-744ef6a8b9a2",
- "displayName": "Application Grant Validation Failure",
- "type": "scriptTask",
- "scriptTask": {
- "language": "javascript",
- "script": "var content = execution.getVariables();\nvar failureReason = content.get('failureReason');\n\nvar decision = {'outcome': 'not provisioned', 'status': 'complete', 'comment': failureReason, 'failure': true};\nvar queryParams = { '_action': 'update'};\nopenidm.action('iga/governance/requests/' + requestId, 'POST', decision, queryParams);",
- "nextStep": [
- {
- "condition": "true",
- "outcome": "done",
- "step": null
}
]
}
}
], - "staticNodes": {
- "startNode": {
- "id": "startNode",
- "x": 70,
- "y": 140,
- "connections": {
- "start": "approvalTask-74cf85c35437"
}
}, - "endNode": {
- "id": "endNode",
- "x": 1288,
- "y": 521,
- "connections": null
}, - "uiConfig": {
- "approvalTask-74cf85c35437": {
- "actors": [
- {
- "type": "applicationOwner",
- "id": {
- "value": "\"managed/user/\" + requestIndex.applicationOwner[0].id",
- "isExpression": true
}
}
], - "events": {
- "escalationType": "applicationOwner",
- "escalationDate": 5,
- "escalationTimeSpan": "day(s)",
- "reminderDate": 3,
- "reminderTimeSpan": "day(s)"
}, - "x": 210,
- "y": 110
}, - "scriptTask-626899b6e99a": {
- "x": 440,
- "y": 80
}, - "scriptTask-c58309b8c470": {
- "x": 464,
- "y": 164
}, - "exclusiveGateway-5167870154a9": {
- "x": 740,
- "y": 78
}, - "scriptTask-3a74557440fb": {
- "x": 981,
- "y": 80.5
}, - "scriptTask-744ef6a8b9a2": {
- "x": 955,
- "y": 193.015625
}
}
}
}
Update or publish the orchestration (workflow) definition.
id required | string |
id | string ID of the orchestration definition. It must be one of the 6 seeded definitions. |
name | string Name of the orchestration definition. It must be one of the 6 seeded definitions. |
displayName | string The name that displays for the orchestration definition. |
description | string The description of the orchestration definition. |
type | string Value: "provisioning" Provisioning is the only available type. |
steps | Array of any The order of steps. The first element in the steps array is the first step of the workflow. |
{- "id": "BasicApplicationGrant",
- "name": "BasicApplicationGrant",
- "displayName": "BasicApplicationGrant",
- "description": "BasicApplicationGrant access request type.",
- "type": "provisioning",
- "steps": [
- {
- "name": "approvalTask-74cf85c35437",
- "displayName": "Approval Task",
- "type": "approvalTask",
- "approvalTask": {
- "actors": [
- {
- "id": {
- "value": "\"managed/user/\" + requestIndex.applicationOwner[0].id",
- "isExpression": true
}, - "permissions": {
- "approve": true,
- "reject": true,
- "reassign": true,
- "modify": true,
- "comment": true
}
}
], - "events": {
- "assignment": {
- "notification": "requestAssigned"
}, - "reassign": {
- "notification": "requestReassigned"
}, - "reminder": {
- "notification": "requestReminder",
- "frequency": 3,
- "actors": [ ],
- "date": {
- "isExpression": true,
- "value": "(new Date(new Date().getTime()+(3*1*24*60*60*1000))).toISOString()"
}
}, - "escalation": {
- "notification": "requestEscalated",
- "date": {
- "isExpression": true,
- "value": "(new Date(new Date().getTime()+(5*1*24*60*60*1000))).toISOString()"
}, - "actors": [
- {
- "id": {
- "value": "\"managed/user/\" + requestIndex.applicationOwner[0].id",
- "isExpression": true
}
}
]
}, - "expiration": {
- "action": "reject",
- "notification": "requestExpired",
- "actors": [ ],
- "date": {
- "isExpression": true,
- "value": "(new Date(new Date().getTime()+(7*24*60*60*1000))).toISOString()"
}
}
}, - "nextStep": [
- {
- "condition": null,
- "outcome": "APPROVE",
- "step": "scriptTask-626899b6e99a"
}, - {
- "condition": null,
- "outcome": "REJECT",
- "step": "scriptTask-c58309b8c470"
}, - {
- "condition": null,
- "outcome": "EXPIRATION",
- "step": null
}
]
}
}, - {
- "name": "scriptTask-626899b6e99a",
- "displayName": "Application Grant Validation",
- "type": "scriptTask",
- "scriptTask": {
- "language": "javascript",
- "script": "logger.info(\"Running application grant request validation\");\n\nvar content = execution.getVariables();\nvar requestId = content.get('id');\nvar failureReason = null;\nvar applicationId = null;\nvar app = null;\n\ntry {\n var requestObj = openidm.action('iga/governance/requests/' + requestId, 'GET', {}, {});\n applicationId = requestObj.application.id;\n}\ncatch (e) {\n failureReason = \"Validation failed: Error reading request with id \" + requestId;\n}\n\n// Validation 1 - Check application exists\nif (!failureReason) {\n try {\n app = openidm.read('managed/alpha_application/' + applicationId);\n if (!app) {\n failureReason = \"Validation failed: Cannot find application with id \" + applicationId;\n }\n }\n catch (e) {\n failureReason = \"Validation failed: Error reading application with id \" + applicationId + \". Error message: \" + e.message;\n }\n}\n\n// Validation 2 - Check the user does not already have application granted\n// Note: this is done at request submission time as well, the following is an example of how to check user's accounts\nif (!failureReason) {\n try {\n var user = openidm.read('managed/alpha_user/' + requestObj.user.id, null, [ 'effectiveApplications' ]);\n user.effectiveApplications.forEach(effectiveApp => {\n if (effectiveApp._id === applicationId) {\n failureReason = \"Validation failed: User with id \" + requestObj.user.id + \" already has effective application \" + applicationId;\n }\n })\n }\n catch (e) {\n failureReason = \"Validation failed: Unable to check effective applications of user with id \" + requestObj.user.id + \". Error message: \" + e.message;\n }\n}\n\nif (failureReason) {\n logger.info(\"Validation failed: \" + failureReason);\n}\nexecution.setVariable(\"failureReason\", failureReason);",
- "nextStep": [
- {
- "condition": "true",
- "outcome": "done",
- "step": "exclusiveGateway-5167870154a9"
}
]
}
}, - {
- "name": "scriptTask-c58309b8c470",
- "displayName": "Reject Request",
- "type": "scriptTask",
- "scriptTask": {
- "language": "javascript",
- "script": "logger.info(\"Rejecting request\");\n\nvar content = execution.getVariables();\nvar requestId = content.get('id');\n\nlogger.info(\"Execution Content: \" + content);\nvar requestIndex = openidm.action('iga/governance/requests/' + requestId, 'GET', {}, {});\nvar decision = {'outcome': 'denied', 'status': 'complete'};\nvar queryParams = { '_action': 'update'};\nopenidm.action('iga/governance/requests/' + requestId, 'POST', decision, queryParams);",
- "nextStep": [
- {
- "condition": "true",
- "outcome": "done",
- "step": null
}
]
}
}, - {
- "name": "exclusiveGateway-5167870154a9",
- "displayName": "Validation Gateway",
- "type": "scriptTask",
- "scriptTask": {
- "language": "javascript",
- "script": "logger.info(\"This is exclusive gateway\");",
- "nextStep": [
- {
- "condition": "failureReason == null",
- "outcome": "validationSuccess",
- "step": "scriptTask-3a74557440fb"
}, - {
- "condition": "failureReason != null",
- "outcome": "validationFailure",
- "step": "scriptTask-744ef6a8b9a2"
}
]
}
}, - {
- "name": "scriptTask-3a74557440fb",
- "displayName": "Auto Provisioning",
- "type": "scriptTask",
- "scriptTask": {
- "language": "javascript",
- "script": "logger.info(\"Auto-Provisioning\");\n\nvar content = execution.getVariables();\nvar requestId = content.get('id');\nvar failureReason = null;\n\ntry {\n var requestObj = openidm.action('iga/governance/requests/' + requestId, 'GET', {}, {});\n logger.info(\"requestObj: \" + requestObj);\n}\ncatch (e) {\n failureReason = \"Provisioning failed: Error reading request with id \" + requestId;\n}\n\nif(!failureReason) {\n try {\n var request = requestObj.request;\n var payload = {\n \"applicationId\": request.common.applicationId,\n \"startDate\": request.common.startDate,\n \"endDate\": request.common.endDate,\n \"auditContext\": {},\n \"grantType\": \"request\"\n };\n var queryParams = {\n \"_action\": \"add\"\n }\n\n logger.info(\"Creating account: \" + payload);\n var result = openidm.action('iga/governance/user/' + request.common.userId + '/applications' , 'POST', payload,queryParams);\n }\n catch (e) {\n failureReason = \"Provisioning failed: Error provisioning account to user \" + request.common.userId + \" for application \" + request.common.applicationId + \". Error message: \" + e.message;\n }\n\n var decision = {'status': 'complete'};\n if (failureReason) {\n decision.outcome = 'not provisioned';\n decision.comment = failureReason;\n decision.failure = true;\n }\n else {\n decision.outcome = 'provisioned';\n }\n\n var queryParams = { '_action': 'update'};\n openidm.action('iga/governance/requests/' + requestId, 'POST', decision, queryParams);\n logger.info(\"Request \" + requestId + \" completed.\");\n}",
- "nextStep": [
- {
- "condition": "true",
- "outcome": "done",
- "step": null
}
]
}
}, - {
- "name": "scriptTask-744ef6a8b9a2",
- "displayName": "Application Grant Validation Failure",
- "type": "scriptTask",
- "scriptTask": {
- "language": "javascript",
- "script": "var content = execution.getVariables();\nvar failureReason = content.get('failureReason');\n\nvar decision = {'outcome': 'not provisioned', 'status': 'complete', 'comment': failureReason, 'failure': true};\nvar queryParams = { '_action': 'update'};\nopenidm.action('iga/governance/requests/' + requestId, 'POST', decision, queryParams);",
- "nextStep": [
- {
- "condition": "true",
- "outcome": "done",
- "step": null
}
]
}
}
], - "staticNodes": {
- "startNode": {
- "id": "startNode",
- "x": 70,
- "y": 140,
- "connections": {
- "start": "approvalTask-74cf85c35437"
}
}, - "endNode": {
- "id": "endNode",
- "x": 1288,
- "y": 521,
- "connections": null
}, - "uiConfig": {
- "approvalTask-74cf85c35437": {
- "actors": [
- {
- "type": "applicationOwner",
- "id": {
- "value": "\"managed/user/\" + requestIndex.applicationOwner[0].id",
- "isExpression": true
}
}
], - "events": {
- "escalationType": "applicationOwner",
- "escalationDate": 5,
- "escalationTimeSpan": "day(s)",
- "reminderDate": 3,
- "reminderTimeSpan": "day(s)"
}, - "x": 210,
- "y": 110
}, - "scriptTask-626899b6e99a": {
- "x": 440,
- "y": 80
}, - "scriptTask-c58309b8c470": {
- "x": 464,
- "y": 164
}, - "exclusiveGateway-5167870154a9": {
- "x": 740,
- "y": 78
}, - "scriptTask-3a74557440fb": {
- "x": 981,
- "y": 80.5
}, - "scriptTask-744ef6a8b9a2": {
- "x": 955,
- "y": 193.015625
}
}
}
}
{- "id": "BasicApplicationGrant",
- "name": "BasicApplicationGrant",
- "displayName": "BasicApplicationGrant",
- "description": "BasicApplicationGrant access request type.",
- "type": "provisioning",
- "steps": [
- {
- "name": "approvalTask-74cf85c35437",
- "displayName": "Approval Task",
- "type": "approvalTask",
- "approvalTask": {
- "actors": [
- {
- "id": {
- "value": "\"managed/user/\" + requestIndex.applicationOwner[0].id",
- "isExpression": true
}, - "permissions": {
- "approve": true,
- "reject": true,
- "reassign": true,
- "modify": true,
- "comment": true
}
}
], - "events": {
- "assignment": {
- "notification": "requestAssigned"
}, - "reassign": {
- "notification": "requestReassigned"
}, - "reminder": {
- "notification": "requestReminder",
- "frequency": 3,
- "actors": [ ],
- "date": {
- "isExpression": true,
- "value": "(new Date(new Date().getTime()+(3*1*24*60*60*1000))).toISOString()"
}
}, - "escalation": {
- "notification": "requestEscalated",
- "date": {
- "isExpression": true,
- "value": "(new Date(new Date().getTime()+(5*1*24*60*60*1000))).toISOString()"
}, - "actors": [
- {
- "id": {
- "value": "\"managed/user/\" + requestIndex.applicationOwner[0].id",
- "isExpression": true
}
}
]
}, - "expiration": {
- "action": "reject",
- "notification": "requestExpired",
- "actors": [ ],
- "date": {
- "isExpression": true,
- "value": "(new Date(new Date().getTime()+(7*24*60*60*1000))).toISOString()"
}
}
}, - "nextStep": [
- {
- "condition": null,
- "outcome": "APPROVE",
- "step": "scriptTask-626899b6e99a"
}, - {
- "condition": null,
- "outcome": "REJECT",
- "step": "scriptTask-c58309b8c470"
}, - {
- "condition": null,
- "outcome": "EXPIRATION",
- "step": null
}
]
}
}, - {
- "name": "scriptTask-626899b6e99a",
- "displayName": "Application Grant Validation",
- "type": "scriptTask",
- "scriptTask": {
- "language": "javascript",
- "script": "logger.info(\"Running application grant request validation\");\n\nvar content = execution.getVariables();\nvar requestId = content.get('id');\nvar failureReason = null;\nvar applicationId = null;\nvar app = null;\n\ntry {\n var requestObj = openidm.action('iga/governance/requests/' + requestId, 'GET', {}, {});\n applicationId = requestObj.application.id;\n}\ncatch (e) {\n failureReason = \"Validation failed: Error reading request with id \" + requestId;\n}\n\n// Validation 1 - Check application exists\nif (!failureReason) {\n try {\n app = openidm.read('managed/alpha_application/' + applicationId);\n if (!app) {\n failureReason = \"Validation failed: Cannot find application with id \" + applicationId;\n }\n }\n catch (e) {\n failureReason = \"Validation failed: Error reading application with id \" + applicationId + \". Error message: \" + e.message;\n }\n}\n\n// Validation 2 - Check the user does not already have application granted\n// Note: this is done at request submission time as well, the following is an example of how to check user's accounts\nif (!failureReason) {\n try {\n var user = openidm.read('managed/alpha_user/' + requestObj.user.id, null, [ 'effectiveApplications' ]);\n user.effectiveApplications.forEach(effectiveApp => {\n if (effectiveApp._id === applicationId) {\n failureReason = \"Validation failed: User with id \" + requestObj.user.id + \" already has effective application \" + applicationId;\n }\n })\n }\n catch (e) {\n failureReason = \"Validation failed: Unable to check effective applications of user with id \" + requestObj.user.id + \". Error message: \" + e.message;\n }\n}\n\nif (failureReason) {\n logger.info(\"Validation failed: \" + failureReason);\n}\nexecution.setVariable(\"failureReason\", failureReason);",
- "nextStep": [
- {
- "condition": "true",
- "outcome": "done",
- "step": "exclusiveGateway-5167870154a9"
}
]
}
}, - {
- "name": "scriptTask-c58309b8c470",
- "displayName": "Reject Request",
- "type": "scriptTask",
- "scriptTask": {
- "language": "javascript",
- "script": "logger.info(\"Rejecting request\");\n\nvar content = execution.getVariables();\nvar requestId = content.get('id');\n\nlogger.info(\"Execution Content: \" + content);\nvar requestIndex = openidm.action('iga/governance/requests/' + requestId, 'GET', {}, {});\nvar decision = {'outcome': 'denied', 'status': 'complete'};\nvar queryParams = { '_action': 'update'};\nopenidm.action('iga/governance/requests/' + requestId, 'POST', decision, queryParams);",
- "nextStep": [
- {
- "condition": "true",
- "outcome": "done",
- "step": null
}
]
}
}, - {
- "name": "exclusiveGateway-5167870154a9",
- "displayName": "Validation Gateway",
- "type": "scriptTask",
- "scriptTask": {
- "language": "javascript",
- "script": "logger.info(\"This is exclusive gateway\");",
- "nextStep": [
- {
- "condition": "failureReason == null",
- "outcome": "validationSuccess",
- "step": "scriptTask-3a74557440fb"
}, - {
- "condition": "failureReason != null",
- "outcome": "validationFailure",
- "step": "scriptTask-744ef6a8b9a2"
}
]
}
}, - {
- "name": "scriptTask-3a74557440fb",
- "displayName": "Auto Provisioning",
- "type": "scriptTask",
- "scriptTask": {
- "language": "javascript",
- "script": "logger.info(\"Auto-Provisioning\");\n\nvar content = execution.getVariables();\nvar requestId = content.get('id');\nvar failureReason = null;\n\ntry {\n var requestObj = openidm.action('iga/governance/requests/' + requestId, 'GET', {}, {});\n logger.info(\"requestObj: \" + requestObj);\n}\ncatch (e) {\n failureReason = \"Provisioning failed: Error reading request with id \" + requestId;\n}\n\nif(!failureReason) {\n try {\n var request = requestObj.request;\n var payload = {\n \"applicationId\": request.common.applicationId,\n \"startDate\": request.common.startDate,\n \"endDate\": request.common.endDate,\n \"auditContext\": {},\n \"grantType\": \"request\"\n };\n var queryParams = {\n \"_action\": \"add\"\n }\n\n logger.info(\"Creating account: \" + payload);\n var result = openidm.action('iga/governance/user/' + request.common.userId + '/applications' , 'POST', payload,queryParams);\n }\n catch (e) {\n failureReason = \"Provisioning failed: Error provisioning account to user \" + request.common.userId + \" for application \" + request.common.applicationId + \". Error message: \" + e.message;\n }\n\n var decision = {'status': 'complete'};\n if (failureReason) {\n decision.outcome = 'not provisioned';\n decision.comment = failureReason;\n decision.failure = true;\n }\n else {\n decision.outcome = 'provisioned';\n }\n\n var queryParams = { '_action': 'update'};\n openidm.action('iga/governance/requests/' + requestId, 'POST', decision, queryParams);\n logger.info(\"Request \" + requestId + \" completed.\");\n}",
- "nextStep": [
- {
- "condition": "true",
- "outcome": "done",
- "step": null
}
]
}
}, - {
- "name": "scriptTask-744ef6a8b9a2",
- "displayName": "Application Grant Validation Failure",
- "type": "scriptTask",
- "scriptTask": {
- "language": "javascript",
- "script": "var content = execution.getVariables();\nvar failureReason = content.get('failureReason');\n\nvar decision = {'outcome': 'not provisioned', 'status': 'complete', 'comment': failureReason, 'failure': true};\nvar queryParams = { '_action': 'update'};\nopenidm.action('iga/governance/requests/' + requestId, 'POST', decision, queryParams);",
- "nextStep": [
- {
- "condition": "true",
- "outcome": "done",
- "step": null
}
]
}
}
], - "staticNodes": {
- "startNode": {
- "id": "startNode",
- "x": 70,
- "y": 140,
- "connections": {
- "start": "approvalTask-74cf85c35437"
}
}, - "endNode": {
- "id": "endNode",
- "x": 1288,
- "y": 521,
- "connections": null
}, - "uiConfig": {
- "approvalTask-74cf85c35437": {
- "actors": [
- {
- "type": "applicationOwner",
- "id": {
- "value": "\"managed/user/\" + requestIndex.applicationOwner[0].id",
- "isExpression": true
}
}
], - "events": {
- "escalationType": "applicationOwner",
- "escalationDate": 5,
- "escalationTimeSpan": "day(s)",
- "reminderDate": 3,
- "reminderTimeSpan": "day(s)"
}, - "x": 210,
- "y": 110
}, - "scriptTask-626899b6e99a": {
- "x": 440,
- "y": 80
}, - "scriptTask-c58309b8c470": {
- "x": 464,
- "y": 164
}, - "exclusiveGateway-5167870154a9": {
- "x": 740,
- "y": 78
}, - "scriptTask-3a74557440fb": {
- "x": 981,
- "y": 80.5
}, - "scriptTask-744ef6a8b9a2": {
- "x": 955,
- "y": 193.015625
}
}
}
}
Get Orchestration Definition.
id required | string |
status required | string Enum: "draft" "published" |
{- "id": "BasicApplicationGrant",
- "name": "BasicApplicationGrant",
- "displayName": "BasicApplicationGrant",
- "description": "BasicApplicationGrant access request type.",
- "type": "provisioning",
- "steps": [
- {
- "name": "approvalTask-74cf85c35437",
- "displayName": "Approval Task",
- "type": "approvalTask",
- "approvalTask": {
- "actors": [
- {
- "id": {
- "value": "\"managed/user/\" + requestIndex.applicationOwner[0].id",
- "isExpression": true
}, - "permissions": {
- "approve": true,
- "reject": true,
- "reassign": true,
- "modify": true,
- "comment": true
}
}
], - "events": {
- "assignment": {
- "notification": "requestAssigned"
}, - "reassign": {
- "notification": "requestReassigned"
}, - "reminder": {
- "notification": "requestReminder",
- "frequency": 3,
- "actors": [ ],
- "date": {
- "isExpression": true,
- "value": "(new Date(new Date().getTime()+(3*1*24*60*60*1000))).toISOString()"
}
}, - "escalation": {
- "notification": "requestEscalated",
- "date": {
- "isExpression": true,
- "value": "(new Date(new Date().getTime()+(5*1*24*60*60*1000))).toISOString()"
}, - "actors": [
- {
- "id": {
- "value": "\"managed/user/\" + requestIndex.applicationOwner[0].id",
- "isExpression": true
}
}
]
}, - "expiration": {
- "action": "reject",
- "notification": "requestExpired",
- "actors": [ ],
- "date": {
- "isExpression": true,
- "value": "(new Date(new Date().getTime()+(7*24*60*60*1000))).toISOString()"
}
}
}, - "nextStep": [
- {
- "condition": null,
- "outcome": "APPROVE",
- "step": "scriptTask-626899b6e99a"
}, - {
- "condition": null,
- "outcome": "REJECT",
- "step": "scriptTask-c58309b8c470"
}, - {
- "condition": null,
- "outcome": "EXPIRATION",
- "step": null
}
]
}
}, - {
- "name": "scriptTask-626899b6e99a",
- "displayName": "Application Grant Validation",
- "type": "scriptTask",
- "scriptTask": {
- "language": "javascript",
- "script": "logger.info(\"Running application grant request validation\");\n\nvar content = execution.getVariables();\nvar requestId = content.get('id');\nvar failureReason = null;\nvar applicationId = null;\nvar app = null;\n\ntry {\n var requestObj = openidm.action('iga/governance/requests/' + requestId, 'GET', {}, {});\n applicationId = requestObj.application.id;\n}\ncatch (e) {\n failureReason = \"Validation failed: Error reading request with id \" + requestId;\n}\n\n// Validation 1 - Check application exists\nif (!failureReason) {\n try {\n app = openidm.read('managed/alpha_application/' + applicationId);\n if (!app) {\n failureReason = \"Validation failed: Cannot find application with id \" + applicationId;\n }\n }\n catch (e) {\n failureReason = \"Validation failed: Error reading application with id \" + applicationId + \". Error message: \" + e.message;\n }\n}\n\n// Validation 2 - Check the user does not already have application granted\n// Note: this is done at request submission time as well, the following is an example of how to check user's accounts\nif (!failureReason) {\n try {\n var user = openidm.read('managed/alpha_user/' + requestObj.user.id, null, [ 'effectiveApplications' ]);\n user.effectiveApplications.forEach(effectiveApp => {\n if (effectiveApp._id === applicationId) {\n failureReason = \"Validation failed: User with id \" + requestObj.user.id + \" already has effective application \" + applicationId;\n }\n })\n }\n catch (e) {\n failureReason = \"Validation failed: Unable to check effective applications of user with id \" + requestObj.user.id + \". Error message: \" + e.message;\n }\n}\n\nif (failureReason) {\n logger.info(\"Validation failed: \" + failureReason);\n}\nexecution.setVariable(\"failureReason\", failureReason);",
- "nextStep": [
- {
- "condition": "true",
- "outcome": "done",
- "step": "exclusiveGateway-5167870154a9"
}
]
}
}, - {
- "name": "scriptTask-c58309b8c470",
- "displayName": "Reject Request",
- "type": "scriptTask",
- "scriptTask": {
- "language": "javascript",
- "script": "logger.info(\"Rejecting request\");\n\nvar content = execution.getVariables();\nvar requestId = content.get('id');\n\nlogger.info(\"Execution Content: \" + content);\nvar requestIndex = openidm.action('iga/governance/requests/' + requestId, 'GET', {}, {});\nvar decision = {'outcome': 'denied', 'status': 'complete'};\nvar queryParams = { '_action': 'update'};\nopenidm.action('iga/governance/requests/' + requestId, 'POST', decision, queryParams);",
- "nextStep": [
- {
- "condition": "true",
- "outcome": "done",
- "step": null
}
]
}
}, - {
- "name": "exclusiveGateway-5167870154a9",
- "displayName": "Validation Gateway",
- "type": "scriptTask",
- "scriptTask": {
- "language": "javascript",
- "script": "logger.info(\"This is exclusive gateway\");",
- "nextStep": [
- {
- "condition": "failureReason == null",
- "outcome": "validationSuccess",
- "step": "scriptTask-3a74557440fb"
}, - {
- "condition": "failureReason != null",
- "outcome": "validationFailure",
- "step": "scriptTask-744ef6a8b9a2"
}
]
}
}, - {
- "name": "scriptTask-3a74557440fb",
- "displayName": "Auto Provisioning",
- "type": "scriptTask",
- "scriptTask": {
- "language": "javascript",
- "script": "logger.info(\"Auto-Provisioning\");\n\nvar content = execution.getVariables();\nvar requestId = content.get('id');\nvar failureReason = null;\n\ntry {\n var requestObj = openidm.action('iga/governance/requests/' + requestId, 'GET', {}, {});\n logger.info(\"requestObj: \" + requestObj);\n}\ncatch (e) {\n failureReason = \"Provisioning failed: Error reading request with id \" + requestId;\n}\n\nif(!failureReason) {\n try {\n var request = requestObj.request;\n var payload = {\n \"applicationId\": request.common.applicationId,\n \"startDate\": request.common.startDate,\n \"endDate\": request.common.endDate,\n \"auditContext\": {},\n \"grantType\": \"request\"\n };\n var queryParams = {\n \"_action\": \"add\"\n }\n\n logger.info(\"Creating account: \" + payload);\n var result = openidm.action('iga/governance/user/' + request.common.userId + '/applications' , 'POST', payload,queryParams);\n }\n catch (e) {\n failureReason = \"Provisioning failed: Error provisioning account to user \" + request.common.userId + \" for application \" + request.common.applicationId + \". Error message: \" + e.message;\n }\n\n var decision = {'status': 'complete'};\n if (failureReason) {\n decision.outcome = 'not provisioned';\n decision.comment = failureReason;\n decision.failure = true;\n }\n else {\n decision.outcome = 'provisioned';\n }\n\n var queryParams = { '_action': 'update'};\n openidm.action('iga/governance/requests/' + requestId, 'POST', decision, queryParams);\n logger.info(\"Request \" + requestId + \" completed.\");\n}",
- "nextStep": [
- {
- "condition": "true",
- "outcome": "done",
- "step": null
}
]
}
}, - {
- "name": "scriptTask-744ef6a8b9a2",
- "displayName": "Application Grant Validation Failure",
- "type": "scriptTask",
- "scriptTask": {
- "language": "javascript",
- "script": "var content = execution.getVariables();\nvar failureReason = content.get('failureReason');\n\nvar decision = {'outcome': 'not provisioned', 'status': 'complete', 'comment': failureReason, 'failure': true};\nvar queryParams = { '_action': 'update'};\nopenidm.action('iga/governance/requests/' + requestId, 'POST', decision, queryParams);",
- "nextStep": [
- {
- "condition": "true",
- "outcome": "done",
- "step": null
}
]
}
}
], - "staticNodes": {
- "startNode": {
- "id": "startNode",
- "x": 70,
- "y": 140,
- "connections": {
- "start": "approvalTask-74cf85c35437"
}
}, - "endNode": {
- "id": "endNode",
- "x": 1288,
- "y": 521,
- "connections": null
}, - "uiConfig": {
- "approvalTask-74cf85c35437": {
- "actors": [
- {
- "type": "applicationOwner",
- "id": {
- "value": "\"managed/user/\" + requestIndex.applicationOwner[0].id",
- "isExpression": true
}
}
], - "events": {
- "escalationType": "applicationOwner",
- "escalationDate": 5,
- "escalationTimeSpan": "day(s)",
- "reminderDate": 3,
- "reminderTimeSpan": "day(s)"
}, - "x": 210,
- "y": 110
}, - "scriptTask-626899b6e99a": {
- "x": 440,
- "y": 80
}, - "scriptTask-c58309b8c470": {
- "x": 464,
- "y": 164
}, - "exclusiveGateway-5167870154a9": {
- "x": 740,
- "y": 78
}, - "scriptTask-3a74557440fb": {
- "x": 981,
- "y": 80.5
}, - "scriptTask-744ef6a8b9a2": {
- "x": 955,
- "y": 193.015625
}
}
}
}
Delete Orchestration Definition.
id required | string |
status required | string Enum: "draft" "published" |
{- "id": "BasicApplicationGrant",
- "name": "BasicApplicationGrant",
- "displayName": "BasicApplicationGrant",
- "description": "BasicApplicationGrant access request type.",
- "type": "provisioning",
- "steps": [
- {
- "name": "approvalTask-74cf85c35437",
- "displayName": "Approval Task",
- "type": "approvalTask",
- "approvalTask": {
- "actors": [
- {
- "id": {
- "value": "\"managed/user/\" + requestIndex.applicationOwner[0].id",
- "isExpression": true
}, - "permissions": {
- "approve": true,
- "reject": true,
- "reassign": true,
- "modify": true,
- "comment": true
}
}
], - "events": {
- "assignment": {
- "notification": "requestAssigned"
}, - "reassign": {
- "notification": "requestReassigned"
}, - "reminder": {
- "notification": "requestReminder",
- "frequency": 3,
- "actors": [ ],
- "date": {
- "isExpression": true,
- "value": "(new Date(new Date().getTime()+(3*1*24*60*60*1000))).toISOString()"
}
}, - "escalation": {
- "notification": "requestEscalated",
- "date": {
- "isExpression": true,
- "value": "(new Date(new Date().getTime()+(5*1*24*60*60*1000))).toISOString()"
}, - "actors": [
- {
- "id": {
- "value": "\"managed/user/\" + requestIndex.applicationOwner[0].id",
- "isExpression": true
}
}
]
}, - "expiration": {
- "action": "reject",
- "notification": "requestExpired",
- "actors": [ ],
- "date": {
- "isExpression": true,
- "value": "(new Date(new Date().getTime()+(7*24*60*60*1000))).toISOString()"
}
}
}, - "nextStep": [
- {
- "condition": null,
- "outcome": "APPROVE",
- "step": "scriptTask-626899b6e99a"
}, - {
- "condition": null,
- "outcome": "REJECT",
- "step": "scriptTask-c58309b8c470"
}, - {
- "condition": null,
- "outcome": "EXPIRATION",
- "step": null
}
]
}
}, - {
- "name": "scriptTask-626899b6e99a",
- "displayName": "Application Grant Validation",
- "type": "scriptTask",
- "scriptTask": {
- "language": "javascript",
- "script": "logger.info(\"Running application grant request validation\");\n\nvar content = execution.getVariables();\nvar requestId = content.get('id');\nvar failureReason = null;\nvar applicationId = null;\nvar app = null;\n\ntry {\n var requestObj = openidm.action('iga/governance/requests/' + requestId, 'GET', {}, {});\n applicationId = requestObj.application.id;\n}\ncatch (e) {\n failureReason = \"Validation failed: Error reading request with id \" + requestId;\n}\n\n// Validation 1 - Check application exists\nif (!failureReason) {\n try {\n app = openidm.read('managed/alpha_application/' + applicationId);\n if (!app) {\n failureReason = \"Validation failed: Cannot find application with id \" + applicationId;\n }\n }\n catch (e) {\n failureReason = \"Validation failed: Error reading application with id \" + applicationId + \". Error message: \" + e.message;\n }\n}\n\n// Validation 2 - Check the user does not already have application granted\n// Note: this is done at request submission time as well, the following is an example of how to check user's accounts\nif (!failureReason) {\n try {\n var user = openidm.read('managed/alpha_user/' + requestObj.user.id, null, [ 'effectiveApplications' ]);\n user.effectiveApplications.forEach(effectiveApp => {\n if (effectiveApp._id === applicationId) {\n failureReason = \"Validation failed: User with id \" + requestObj.user.id + \" already has effective application \" + applicationId;\n }\n })\n }\n catch (e) {\n failureReason = \"Validation failed: Unable to check effective applications of user with id \" + requestObj.user.id + \". Error message: \" + e.message;\n }\n}\n\nif (failureReason) {\n logger.info(\"Validation failed: \" + failureReason);\n}\nexecution.setVariable(\"failureReason\", failureReason);",
- "nextStep": [
- {
- "condition": "true",
- "outcome": "done",
- "step": "exclusiveGateway-5167870154a9"
}
]
}
}, - {
- "name": "scriptTask-c58309b8c470",
- "displayName": "Reject Request",
- "type": "scriptTask",
- "scriptTask": {
- "language": "javascript",
- "script": "logger.info(\"Rejecting request\");\n\nvar content = execution.getVariables();\nvar requestId = content.get('id');\n\nlogger.info(\"Execution Content: \" + content);\nvar requestIndex = openidm.action('iga/governance/requests/' + requestId, 'GET', {}, {});\nvar decision = {'outcome': 'denied', 'status': 'complete'};\nvar queryParams = { '_action': 'update'};\nopenidm.action('iga/governance/requests/' + requestId, 'POST', decision, queryParams);",
- "nextStep": [
- {
- "condition": "true",
- "outcome": "done",
- "step": null
}
]
}
}, - {
- "name": "exclusiveGateway-5167870154a9",
- "displayName": "Validation Gateway",
- "type": "scriptTask",
- "scriptTask": {
- "language": "javascript",
- "script": "logger.info(\"This is exclusive gateway\");",
- "nextStep": [
- {
- "condition": "failureReason == null",
- "outcome": "validationSuccess",
- "step": "scriptTask-3a74557440fb"
}, - {
- "condition": "failureReason != null",
- "outcome": "validationFailure",
- "step": "scriptTask-744ef6a8b9a2"
}
]
}
}, - {
- "name": "scriptTask-3a74557440fb",
- "displayName": "Auto Provisioning",
- "type": "scriptTask",
- "scriptTask": {
- "language": "javascript",
- "script": "logger.info(\"Auto-Provisioning\");\n\nvar content = execution.getVariables();\nvar requestId = content.get('id');\nvar failureReason = null;\n\ntry {\n var requestObj = openidm.action('iga/governance/requests/' + requestId, 'GET', {}, {});\n logger.info(\"requestObj: \" + requestObj);\n}\ncatch (e) {\n failureReason = \"Provisioning failed: Error reading request with id \" + requestId;\n}\n\nif(!failureReason) {\n try {\n var request = requestObj.request;\n var payload = {\n \"applicationId\": request.common.applicationId,\n \"startDate\": request.common.startDate,\n \"endDate\": request.common.endDate,\n \"auditContext\": {},\n \"grantType\": \"request\"\n };\n var queryParams = {\n \"_action\": \"add\"\n }\n\n logger.info(\"Creating account: \" + payload);\n var result = openidm.action('iga/governance/user/' + request.common.userId + '/applications' , 'POST', payload,queryParams);\n }\n catch (e) {\n failureReason = \"Provisioning failed: Error provisioning account to user \" + request.common.userId + \" for application \" + request.common.applicationId + \". Error message: \" + e.message;\n }\n\n var decision = {'status': 'complete'};\n if (failureReason) {\n decision.outcome = 'not provisioned';\n decision.comment = failureReason;\n decision.failure = true;\n }\n else {\n decision.outcome = 'provisioned';\n }\n\n var queryParams = { '_action': 'update'};\n openidm.action('iga/governance/requests/' + requestId, 'POST', decision, queryParams);\n logger.info(\"Request \" + requestId + \" completed.\");\n}",
- "nextStep": [
- {
- "condition": "true",
- "outcome": "done",
- "step": null
}
]
}
}, - {
- "name": "scriptTask-744ef6a8b9a2",
- "displayName": "Application Grant Validation Failure",
- "type": "scriptTask",
- "scriptTask": {
- "language": "javascript",
- "script": "var content = execution.getVariables();\nvar failureReason = content.get('failureReason');\n\nvar decision = {'outcome': 'not provisioned', 'status': 'complete', 'comment': failureReason, 'failure': true};\nvar queryParams = { '_action': 'update'};\nopenidm.action('iga/governance/requests/' + requestId, 'POST', decision, queryParams);",
- "nextStep": [
- {
- "condition": "true",
- "outcome": "done",
- "step": null
}
]
}
}
], - "staticNodes": {
- "startNode": {
- "id": "startNode",
- "x": 70,
- "y": 140,
- "connections": {
- "start": "approvalTask-74cf85c35437"
}
}, - "endNode": {
- "id": "endNode",
- "x": 1288,
- "y": 521,
- "connections": null
}, - "uiConfig": {
- "approvalTask-74cf85c35437": {
- "actors": [
- {
- "type": "applicationOwner",
- "id": {
- "value": "\"managed/user/\" + requestIndex.applicationOwner[0].id",
- "isExpression": true
}
}
], - "events": {
- "escalationType": "applicationOwner",
- "escalationDate": 5,
- "escalationTimeSpan": "day(s)",
- "reminderDate": 3,
- "reminderTimeSpan": "day(s)"
}, - "x": 210,
- "y": 110
}, - "scriptTask-626899b6e99a": {
- "x": 440,
- "y": 80
}, - "scriptTask-c58309b8c470": {
- "x": 464,
- "y": 164
}, - "exclusiveGateway-5167870154a9": {
- "x": 740,
- "y": 78
}, - "scriptTask-3a74557440fb": {
- "x": 981,
- "y": 80.5
}, - "scriptTask-744ef6a8b9a2": {
- "x": 955,
- "y": 193.015625
}
}
}
}