This project is read-only.

Overview

The FIM Workflow Library is a collection of custom workflow activities for Microsoft Forefront Identity Manager 2010. The library is deployed as a single .dll (FIMWorkFlowLibrary.dll) containing all the activities, their respective UI elements and a utility class (FIMUtils.vb). The code is written in VB .NET.

Current activities within the Library are:

  • MakeAccountName– this activity creates a unique accountName attribute for a user object when invoked by a workflow. The activity takes parameters from the user interface indicating what attributes should be used to create the name, the standard pattern for the name, how to modify the name if the first one is not unique and if there are any exceptions to the standard pattern.
  • MakeEmailAlias – this activity is very similar to MakeAccountName, but creates an email alias rather than an accountName (N.B. both activities may be moved to a single “makeUniqueAttribute” activity in the future.
  • SetEntitlements – this activity is “RBAC-Lite”. It populates a multi-valued attribute “entitlements” that is used by provisioning rules to determine which connected systems to provision a user to. The code calls a SQL lookup that reads the entitlements from a SQL table based on a user’s primary role and populates the FIM attribute.

Deployment

To deploy the library:

  1. Download the source code solution and all associated files then compile locally. The resulting assembly “FIMWorkflowLibrary.dll” has been signed with the strong name key file “Neslab.FIM.snk” which is included in the solution. If you want to use the code and compile as part of another namespace you will need your own strong name and key file and take note of the PublicKeyToken value when copying to the assembly (see below) as this will differ from the value below.
  2. Register the .dll with the Windows assembly on the FIM Portal server and restart IIS. If you want to debug the code, you will need to copy the .pdb file to the FIM Service directory. I recommend creating “copy” and “publish” batch files if you will be recompiling often e.g.

    “Copy.bat”

    @ECHO OFF
    xcopy "C:\Neslab-FIM Project\Neslab-FIM\Service\FIMWorkflowLibrary\bin\FIMWorkflowLibrary.dll" "c:\temp" /i /y
    xcopy "C:\Neslab-FIM Project\Neslab-FIM\Service\FIMWorkflowLibrary\bin\FIMWorkflowLibrary.pdb" "c:\Program Files\Microsoft Forefront Identity Manager\2010\Service" /i /y

    “Publish.bat”

    "C:\Program Files (x86)\Microsoft SDKs\Windows\v7.0A\Bin\gacutil" /i "C:\temp\FIMWorkflowLibrary.dll"
    net stop "Forefront Identity Manager Service"
    net start "Forefront Identity Manager Service"
    IISRESET

  3. Check that the assembly is registered in the assembly and take note of the value of the PublicKeyToken (f29813a58b4ce0c0 if using the Neslab.FIM.snk).

  4. Create an Activity Information Configuration (AIC) object for each activity you intend to use. To do this:

    1. Log into the FIM Portal as Administrator then navigate to Administration/All Objects

    2. Click on “Activity Information Configration” to see all existing AICs

    3. Click on “New” and give the AIC a suitable display name e.g. “Neslab Account Name Creator”

    4. Click on “Next” and complete the form as follows:

      • Activity Name = Neslab.FIM.MakeAccountName

      • Assembly Name = FIMWorkflowLibrary, Version=1.0.0.0, Culture=neutral, PublicKeyToken=f29813a58b4ce0c0

      • Is Action Activity = checked

      • Type Name = Neslab.FIM.FIMUIs.MakeAccountNameUI

      • Click “Finish” and “Submit”

    5. If the AIC was created correctly the new activity will be available to be added to Action workflows, as shown below:

Last edited Jun 11, 2014 at 3:13 PM by DaveNesbitt, version 16