Enabling the IDM Workflow with ForgeOps v7.x

Introduction

IDM embeds a Flowable Process Engine that initializes in the OSGi container. Workflows are not active by default. This article shows how to enable workflow using a MySQL database as the data source.

Prerequisites

This article assumes the following:

Note: The CDK is a minimal sample deployment of the ForgeRock Identity Platform on Kubernetes that you can use for demonstration and development purposes.

Steps to configure workflow

IDM needs two configuration files to activate the workflow bundle:

  • workflow.json (The Flowable engine configuration, including the data source).

  • datasource.jdbc-default.json (The default data source for Flowable).

  1. Export config

    • ./config export idm my-profile --sort

    This step creates a directory named my-profile:

    forgeops/docker/idm/config-profiles/my-profile

  2. Get the following files from the on-premises environment and copy them to:

    forgeops/docker/idm/config-profiles/my-profile/conf

    • endpoint-getavailableuserstoassign.json

    • endpoint-getprocessesforuser.json

    • endpoint-gettasksview.json

    • process-access.json

  3. Create workflow.json and datasource.jdbc-myflow.json
    in the forgeops/docker/idm/config-profiles/my-profile/conf directory:

workflow.json

{
  "groupResource": {
    "path": "managed/group",
    "queryFilter": "/id eq \"${gid}\""
  },
  "useDataSource": "myflow",
  "userResource": {
    "path": "managed/user",
    "queryFilter": "/userName eq \"${username}\""
  },
  "workflowDirectory": "&{idm.instance.dir}/workflow"
}

Note: the useDataSource value myflow must match the name part of the file name datasource.jdbc-myflow.json.

datasource.jdbc-myflow.json

{
  "connectionPool": {
    "maximumPoolSize": 50,
    "minimumIdle": 20,
    "type": "hikari"
  },
  "connectionTimeout": 30000,
  "databaseName": "openidm",
  "driverClass": "com.mysql.jdbc.Driver",
  "jdbcUrl": "jdbc:mysql://openidm.:10.x.x.x:3306/openidm?allowMultiQueries=true&characterEncoding=utf8&useSSL=false",
  "password": "yourpassword",
  "username": "openidm"
}
  4. Create the workflow directory and copy the sample bar files into it:

    • mkdir -p forgeops/docker/idm/config-profiles/my-profile/workflow
    • cp managedUserApproval.bar contractorOnboarding.bar forgeops/docker/idm/config-profiles/my-profile/workflow/

  5. Modify forgeops/docker/idm/Dockerfile so the image includes the MySQL JDBC driver:

    • COPY --chown=forgerock:root mysql-connector-java-5.1.48-bin.jar /opt/openidm/bundle

  6. Download the MySQL Connector/J jar (mysql-connector-java-5.1.48-bin.jar in this example) and copy it to forgeops/docker/idm.

  7. Push the change to the Docker repo and rebuild IDM:

    • ./forgeops build idm --config-profile my-profile --push-to none
    • ./forgeops delete idm
    • ./forgeops install idm --cdk
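A consistency check for the two files created in step 3 and the rule that useDataSource must match the datasource file name, as an added example that is not part of the original article or of ForgeOps. It assumes a conf/ directory laid out as above, treats a bare-string password as plaintext (IDM's encrypted values are JSON objects), and flags useSSL=false, which the sample jdbcUrl above carries, since that setting sends the repository credentials over the network in cleartext.

```python
import json
import os
import sys
from urllib.parse import parse_qs, urlparse

# Driver classes valid for a jdbc:mysql URL: Connector/J 5.x (legacy) and 8.x names.
MYSQL_DRIVERS = {"com.mysql.jdbc.Driver", "com.mysql.cj.jdbc.Driver"}

def check_workflow(workflow, conf_files):
    """workflow.json's useDataSource must name an existing datasource.jdbc-<name>.json."""
    name = workflow.get("useDataSource")
    if not name:
        return ["workflow.json: useDataSource is missing"]
    expected = f"datasource.jdbc-{name}.json"
    if expected not in conf_files:
        return [f"workflow.json: useDataSource is '{name}' but {expected} is absent"]
    return []

def check_datasource(ds, filename):
    """Checks on one datasource.jdbc-*.json: URL scheme, TLS flag, driver, secret handling."""
    findings = []
    url = ds.get("jdbcUrl", "")
    # urlparse needs the 'jdbc:' prefix stripped to see mysql://host:port/db?query
    parsed = urlparse(url[5:]) if url.startswith("jdbc:") else None
    if parsed is None or parsed.scheme != "mysql":
        return [f"{filename}: jdbcUrl is not a jdbc:mysql URL"]
    use_ssl = parse_qs(parsed.query).get("useSSL", [""])[0].lower()
    if use_ssl != "true":
        findings.append(f"{filename}: useSSL is not true, so credentials cross the network in cleartext")
    if ds.get("driverClass") not in MYSQL_DRIVERS:
        findings.append(f"{filename}: driverClass {ds.get('driverClass')!r} is not a MySQL driver")
    # IDM stores encrypted values as objects (a "$crypto" map); a bare string is plaintext.
    if isinstance(ds.get("password"), str):
        findings.append(f"{filename}: password is a plaintext string, not an encrypted value")
    return findings

def check_profile(conf_dir):
    """Run both checks over a config-profile conf/ directory; returns a list of findings."""
    conf_files = set(os.listdir(conf_dir))
    with open(os.path.join(conf_dir, "workflow.json")) as fh:
        findings = check_workflow(json.load(fh), conf_files)
    for fname in sorted(f for f in conf_files if f.startswith("datasource.jdbc-")):
        with open(os.path.join(conf_dir, fname)) as fh:
            findings += check_datasource(json.load(fh), fname)
    return findings

if __name__ == "__main__":
    # Usage: python check_profile.py forgeops/docker/idm/config-profiles/my-profile/conf
    for line in check_profile(sys.argv[1] if len(sys.argv) > 1 else "conf"):
        print(line)
```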

Appendix:

Prepare MySQL if it is not set up:

https://backstage.forgerock.com/docs/idm/7.3/install-guide/repository-mysql.html

  1. Copy the database scripts from the IDM pod:

    kubectl cp idm-67b694666-c42wn:/opt/openidm/db/mysql/scripts/openidm.sql openidm.sql
    kubectl cp idm-67b694666-c42wn:/opt/openidm/db/mysql/scripts/createuser.sql createuser.sql
    kubectl cp idm-67b694666-c42wn:/opt/openidm/db/mysql/scripts/flowable.mysql.all.create.sql flowable.mysql.all.create.sql

  2. Run the scripts against the database to set up the Flowable data source:

    mysql -h hostip -u openidm -p
    mysql -u root -p < openidm.sql
    mysql -u root -p < createuser.sql
    mysql -D openidm -u root -p < flowable.mysql.all.create.sql

  3. Check the database table content after the workflow is enabled:

    select id_, name_ from ACT_RE_DEPLOYMENT;
    select ID_, REV_, PROC_DEF_ID_ from ACT_HI_ACTINST;
