How To
ForgeRock Identity Platform
Does not apply to Identity Cloud

How do I use workflow scripts to make calls back to IDM 5.x and 6.x?

Last updated Apr 8, 2021

The purpose of this article is to provide assistance with using workflow scripts to make calls back to IDM. This article gives some examples around managed users to help you create your own workflows.


Overview

IDM 7 and later uses the Flowable workflow engine, whereas earlier versions use the Activiti workflow engine.

If you are upgrading to IDM 7 or later, you will need to write new workflow definitions. See Release Notes › Incompatible Changes (New Workflow Engine) for further information.

Using workflow scripts to make calls back to IDM

Example scripts are included in this article for the following use cases:

  • How do I query IDM for a list of all managed users? - this example calls openidm.query from a workflow.
  • How do I query IDM for a list of all managed provisioning roles? - this example calls openidm.query from a workflow.
  • How do I patch a managed user to add additional roles? - this example calls openidm.patch from a workflow.
  • How do I retrieve a managed user's attributes? - this example calls openidm.query from a workflow.

Querying IDM for a list of all managed users

To achieve this in a workflow, you could add the following scriptTask code to the workflow XML file:

<scriptTask id="scripttask1" name="Read Users" scriptFormat="groovy">
  <script>
    params = [_queryId:'query-all-ids']
    out:println "script task using resolver: " + openidm.query('managed/user', params)
    execution.setVariable('params', params)
  </script>
</scriptTask>

Querying IDM for a list of all managed provisioning roles

To achieve this in a workflow, you could add the following scriptTask code to the workflow XML file:

<scriptTask id="scripttask1" name="Read Roles" scriptFormat="groovy">
  <script>
    params = [_queryId:'query-all-ids']
    out:println "script task using resolver: " + openidm.query('managed/role', params)
    execution.setVariable('params', params)
  </script>
</scriptTask>

Patching a managed user to add additional roles

To achieve this in a workflow, you could add the following scriptTask code to the workflow XML file:

<scriptTask id="scripttask1" name="Patch User" scriptFormat="groovy">
  <script>
    patchValue = [[operation: 'replace', field:'description',value:'testing']]
    out:println "script task using resolver: " + openidm.patch('managed/user/f03d01e8-b3e3-41b0-b2df-50776e9df744', null, patchValue)
    execution.setVariable('patchValue', patchValue)
  </script>
</scriptTask>

Retrieving a managed user's attributes

To achieve this in a workflow, you could add the following scriptTask code to the workflow XML file:

<scriptTask id="scripttask1" name="Retrieve Attributes" scriptFormat="groovy">
  <script>
    readStartUserFromRepoParams = [_queryId:'for-userName',uid:startUserId]
    startUserFromRepo = openidm.query('managed/user', readStartUserFromRepoParams)
    execution.setVariable("startUserFromRepo", startUserFromRepo)
  </script>
</scriptTask>
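
The lookup and patch calls above can be combined into one script body that resolves the starting user, checks the result, and then appends a role. This is an added example, not code from the original article or from ForgeRock; it assumes the same workflow bindings the article uses (openidm, execution, startUserId), and the process variables roleId and patchedUserId are hypothetical names.

```groovy
// Body of a <scriptTask scriptFormat="groovy"> <script> element (added example).
// Assumed bindings: openidm, execution, startUserId (as used in this article).
// 'roleId' is a hypothetical process variable holding the managed role's _id.

// Request only the attributes the workflow needs instead of the whole object.
queryParams = [_queryId: 'for-userName', uid: startUserId]
fields = ['_id', 'userName']
found = openidm.query('managed/user', queryParams, fields)

// Fail closed unless the lookup resolves to exactly one managed user.
matches = found?.result ?: []
if (matches.size() != 1) {
    throw new IllegalStateException(
        'Expected exactly one managed user for ' + startUserId + ', found ' + matches.size())
}
userId = matches[0]._id

// Validate the role id before building a resource path from it.
roleId = execution.getVariable('roleId')
if (!(roleId instanceof String) || !(roleId ==~ /[A-Za-z0-9_-]+/)) {
    throw new IllegalArgumentException('roleId is missing or not a plain identifier')
}

// Append one role reference; existing roles are left untouched.
patchValue = [[operation: 'add', field: '/roles/-', value: [_ref: 'managed/role/' + roleId]]]
openidm.patch('managed/user/' + userId, null, patchValue)

// Keep only the identifier as a process variable, not the query result.
execution.setVariable('patchedUserId', userId)
```

Process variables are stored with the workflow instance, so keeping only the user's _id there limits how much identity data the workflow retains.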

See Also

How do I use RequireJS to load dependencies inside a workflow in IDM 5.x and 6?

How do I migrate my existing BPMN workflows after upgrading to IDM 5.5 or applying Security Advisory #201705?

Scripts in IDM

Integrator's Guide › Integrating Business Processes and Workflows

Samples Guide › Using a Workflow to Provision User Accounts

Samples Guide › Asynchronous Reconciliation Using a Workflow

Related Issue Tracker IDs

OPENIDM-1245 (Align openidm and activiti contract on scripting(openidm.action() and openidm.patch() failed in a workflow on managed object.))


Copyright and Trademarks

Copyright © 2021 ForgeRock, all rights reserved.