Introduction
IDM embeds a Flowable Process Engine that initializes in the OSGi container. Workflows are not active by default. This article shows how to enable workflows using a MySQL database as the data source.
Prerequisites
This article assumes the following:
- You have a MySQL database created. Check the Appendix for detailed steps if you have not set it up.
- You have deployed the ForgeRock Identity Platform using the CDK deployment pattern as described in the documentation: Cloud Developer’s Kit (Cloud Developer’s Kit Documentation :: ForgeOps Documentation).
Note: The CDK is a minimal sample deployment of the ForgeRock Identity Platform on Kubernetes that you can use for demonstration and development purposes.
Steps to configure workflow
IDM needs two configuration files to activate the workflow bundle:
- workflow.json (The Flowable engine configuration, including the data source).
- datasource.jdbc-default.json (The default data source for Flowable).
- Export config:
    ./config export idm my-profile --sort
  This step creates a directory named my-profile:
    forgeops/docker/idm/config-profiles/my-profile
- Get the following files from the on-prem environment and copy them to:
    forgeops/docker/idm/config-profiles/my-profile/conf
  - endpoint-getavailableuserstoassign.json
  - endpoint-getprocessesforuser.json
  - endpoint-gettasksview.json
  - process-access.json
- Create workflow.json and datasource.jdbc-myflow.json in the forgeops/docker/idm/config-profiles/my-profile/conf directory:
  workflow.json
    {
      "groupResource": {
        "path": "managed/group",
        "queryFilter": "/id eq \"${gid}\""
      },
      "useDataSource": "myflow",
      "userResource": {
        "path": "managed/user",
        "queryFilter": "/userName eq \"${username}\""
      },
      "workflowDirectory": "&{idm.instance.dir}/workflow"
    }
  Note: the useDataSource value (myflow) needs to match the file name datasource.jdbc-myflow.json.
  datasource.jdbc-myflow.json
    {
      "connectionPool": {
        "maximumPoolSize": 50,
        "minimumIdle": 20,
        "type": "hikari"
      },
      "connectionTimeout": 30000,
      "databaseName": "openidm",
      "driverClass": "com.mysql.jdbc.Driver",
      "jdbcUrl": "jdbc:mysql://openidm.:10.x.x.x:3306/openidm?allowMultiQueries=true&characterEncoding=utf8&useSSL=false",
      "password": "yourpassword",
      "username": "openidm"
    }
- Create the workflow directory and copy the sample .bar files into it:
    mkdir -p forgeops/docker/idm/config-profiles/my-profile/workflow
    cp managedUserApproval.bar contractorOnboarding.bar forgeops/docker/idm/config-profiles/my-profile/workflow/
- Modify forgeops/docker/idm/Dockerfile to copy the MySQL connector into the image:
    COPY --chown=forgerock:root mysql-connector-java-5.1.48-bin.jar /opt/openidm/bundle
- Download mysql-xversion.jar and copy it to forgeops/docker/idm:
    mysql-connector-java-5.1.48-bin.jar
- Push the change to the Docker repo and rebuild IDM:
    ./forgeops build idm --config-profile my-profile --push-to none
    ./forgeops delete idm
    ./forgeops install idm --cdk
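Added example (not part of the original article or ForgeRock's code): a pre-build check for the conf directory that confirms useDataSource in workflow.json has a matching datasource.jdbc-<name>.json, and flags useSSL=false and a literal password in that file. The host db.example and the property name openidm.repo.password are assumptions, and the sample files are constructed.

```python
import json
import tempfile
from pathlib import Path
from urllib.parse import parse_qs


def check_profile(conf_dir):
    """Return a list of findings for the workflow data source in conf_dir."""
    conf = Path(conf_dir)
    findings = []
    name = json.loads((conf / "workflow.json").read_text())["useDataSource"]
    ds_file = conf / f"datasource.jdbc-{name}.json"
    if not ds_file.is_file():
        return [f"useDataSource '{name}' has no matching {ds_file.name}"]
    ds = json.loads(ds_file.read_text())
    # The query string of the JDBC URL carries the Connector/J TLS switch.
    params = parse_qs(ds.get("jdbcUrl", "").partition("?")[2])
    if params.get("useSSL", [""])[0].lower() == "false":
        findings.append("jdbcUrl sets useSSL=false: database traffic is not encrypted")
    # '&{...}' is IDM property substitution; anything else is a literal secret.
    if not str(ds.get("password", "")).startswith("&{"):
        findings.append("password is a literal value in the config profile")
    return findings


def demo():
    """Build a constructed profile mirroring the article's two files and check it."""
    with tempfile.TemporaryDirectory() as d:
        conf = Path(d)
        (conf / "workflow.json").write_text(json.dumps({"useDataSource": "myflow"}))
        mismatch = check_profile(conf)  # data source file not created yet
        ds = {"jdbcUrl": "jdbc:mysql://db.example:3306/openidm"
                         "?allowMultiQueries=true&useSSL=false",
              "username": "openidm", "password": "yourpassword"}
        (conf / "datasource.jdbc-myflow.json").write_text(json.dumps(ds))
        as_written = check_profile(conf)
        ds["jdbcUrl"] = ds["jdbcUrl"].replace("useSSL=false", "useSSL=true")
        ds["password"] = "&{openidm.repo.password}"  # assumed property name
        (conf / "datasource.jdbc-myflow.json").write_text(json.dumps(ds))
        hardened = check_profile(conf)
    return mismatch, as_written, hardened


if __name__ == "__main__":
    for result in demo():
        print(result)
```

Point check_profile at forgeops/docker/idm/config-profiles/my-profile/conf before running the build step to catch a name mismatch or a cleartext setting early.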
Appendix:
Prepare MySQL if it is not set up:
https://backstage.forgerock.com/docs/idm/7.3/install-guide/repository-mysql.html
- Copy the database scripts from the pod:
    kubectl cp idm-67b694666-c42wn:/opt/openidm/db/mysql/scripts/openidm.sql openidm.sql
    kubectl cp idm-67b694666-c42wn:/opt/openidm/db/mysql/scripts/createuser.sql createuser.sql
    kubectl cp idm-67b694666-c42wn:/opt/openidm/db/mysql/scripts/flowable.mysql.all.create.sql flowable.mysql.all.create.sql
- Run the scripts against the database to set up the Flowable data source:
    mysql -h hostip -u openidm -p
    mysql -u root -p < openidm.sql
    mysql -u root -p < createuser.sql
    mysql -D openidm -u root -p < flowable.mysql.all.create.sql
- Check the database table content after workflow is enabled:
    select id_, name_ from ACT_RE_DEPLOYMENT;
    select ID_ , REV_ , PROC_DEF_ID_ from ACT_HI_ACTINST;
Additional resources
Identity Management
Documentation
Training Videos