I'll Get My Coat

Identity Management? I'll Get My Coat...





Thursday Jul 09, 2009

Generating Unique ASCII AccountIds

In many situations on my travels I've been requested by customers to show how we can generate UID  attribute values that are ASCII only. Take for example the name TODORIć SNJEžANA or for example  the French name, Françoise, we want to replace the ç with an ASCCI c.  Since using extended characters for userNames can actually break many systems that expect ASCII only. For this reason I'm sharing some code that I've reused many many times during proof of concepts with Sun Identity Manager.  

First of all we're assuming you're in an ActiveSync scenario here, so we've got a <Field> element on an ActiveSync form. Let's see how we'll call this Rule to generate a unique Identity Manager accountId using ASCII characters only.

    <Field name='waveset.accountId'>
        <Expansion>
          <rule name='Custom - Generate IDM Account Id'>
            <argument name='p_firstname' value='$(activeSync.firstname)'/>
            <argument name='p_lastname' value='$(activeSync.lastname)'/>
          </rule>
        </Expansion>
      </Field>


The Rule "Custom - Generate IDM Account Id" iterates over the input strings and checks each character replacing it with a specificied ASCII alternative.

In the Rule called "Custom - Test String" there's a list of source characters that will be taken as the source list of characters to replace

    <set name='sourceList'>
     <List>
       <String>Ć</String>
       <String>Š</String>
       <String>Č</String>
       <String>Ž</String>
       <String>Đ</String>
       <String>è</String>
     </List>
   </set>

In the Rule called "Custom - Swap Char" there's the actual case statement that does the swap between the original non-ASCII char and the specified ASCII alternative.

      <case>
        <s>Š</s>
        <s>S</s>
      </case>
      <case>
        <s>Ć</s>
        <s>C</s>
      </case>
      <case>
        <s>Ž</s>
        <s>Z</s>
      </case>
      <case>
        <s>Đ</s>
        <s>DJ</s>
      </case>

Finally, the Rule "Custom - Generate IDM Account Id" ensures the generated candidate accountId is unique by querying the IdM repo and using a numeric suffix to ensure uniqueness.

You can download my original XML Rules here




Comments[1]

Saturday Sep 20, 2008

Know Java, need help with XPRESS?

Know Java, need help with XPRESS?? Help is at hand!![Read More]

Comments[0]

Wednesday Dec 05, 2007

Java Date Comparisons In Identity Manager

During my POC rounds I often come up against Identity Management requirements to manipulate date strings, for example, a contract hire date coming from a HR feed inside a CSV file, when should this user be provisioned? When should this user be deprovisioned? How long should this compliance violation be mitigated? I'm often re-writing the same piece of logic so the logic implies that others using Sun Identity Manager are doing similar, so I'll post my contribution to this blog mainly to stop me loosing it all the time (doh)... So here's the java version with the code logic adapter to XPRESS. Just to note that from within Identity Manager both Java and XPRESS can be called so you're free to select your poison ..
 

import java.text.ParseException;
import java.util.Calendar;
import java.util.Date;
import java.util.GregorianCalendar;
import java.text.DateFormat;
import java.text.SimpleDateFormat;
 public class DateTestEADS{
   
public static void main (String args[]){
	String dateString = "31.10.2007";
	Calendar todayCal = Calendar.getInstance();
	Date todayDate = todayCal.getTime();
        SimpleDateFormat format = new SimpleDateFormat("dd.MM.yyyy") ;

        // Parse the date        
	try {
		Date endDate = format.parse(dateString);
		System.out.println("Original string: " + dateString);
		System.out.println("Parsed date    : " + endDate.toString());
		System.out.println("Todays date	   : " + todayDate);
		Calendar endCal = new GregorianCalendar();
		endCal.setTime(endDate);boolean result = endCal.after(todayCal);           
		System.out.println("Q:Is the date " + dateString + ", after today? A:"+result);
        }
        catch(ParseException pe) {            
		System.out.println("ERROR: could not parse date in string \"" + dateString + "\"") ;
        }
   }
}

Here's the same logic in XPRESS

 

<RuleArgument name='dateString' value='31.12.2007'>
    <Comments>A date such as "31.10.2007" as a string</Comments>
    <String>31.12.2007</String>
  </RuleArgument>
  <block>
    <defvar name='todayCal'/>
    <defvar name='todayDate'/>
    <defvar name='endDate'/>
    <defvar name='endCal'/>
    <defvar name='format'/>
    <set name='todayCal'>
      <invoke name='getInstance' class='java.util.Calendar'/>
    </set>
    <set name='endCal'>
      <new class='java.util.GregorianCalendar'/>
    </set>
    <set name='todayDate'>
      <invoke name='getTime'>
        <ref>todayCal</ref>
      </invoke>
    </set>
    <set name='format'>
      <new class='java.text.SimpleDateFormat'>
        <s>dd.MM.yyyy</s>
      </new>
    </set>
    <block name='parse the date'>
      <set name='endDate'>
        <invoke name='parse'>
          <ref>format</ref>
          <ref>dateString</ref>
        </invoke>
      </set>
      <invoke name='setTime'>
        <ref>endCal</ref>
        <ref>endDate</ref>
      </invoke>
      <invoke name='after'>
        <ref>endCal</ref>
        <ref>todayCal</ref>
      </invoke>
    </block>
  </block>



Comments[0]

Today's Page Hits: 52

analyst attachmate desktop dsee external forrester global identity identity+manager identitymanager idm irc java management opends opensso oracle rbac roles sgd srm sun vdi virtualdesktop xpress