How to add client side validation to Acitiviti workflow form fields in OpenIDM?

This topic has 5 replies, 3 voices, and was last updated 6 years, 4 months ago by omebold.

  • Author
  • #2877

    I have created a activiti workflow in OpenIDM and want to add client side validation like empty check, valid date, valid number etc.
    Please suggest me how to achieve this.



    Orsi pointed me to the following examples that show this:

    – samples/workflow/workflow/contractorOnboarding.bpmn20.xml file: here we use the inline form definition, i.e. the UI fields are defined within the bpmn file. The ‘_formGenerationTemplate’ field contains the template, where all the fields to be rendered on the UI are defined. The name of the field is used by the standard OpenIDM policy mechanism to match the field and the validation rules to be applied to them.

    – samples/usecase/workflow/newUserCreate.bpmn20.xml, nUCStartForm.xml and nUCdecideApprovalForm.xml (3 of them used by usecase2) is doing the same thing but using external UI form template in the xml files. The mechanism is the same: name the fields, add spaceholders for the error message, make sure the policies are defined in policy.json and policy.js and bind the validators to the appropriate object.

    The second example is more human readable, easier to start with.


    Thanks Andi.

    Now, I am able to better understand and could make it work and experiment for the samples.

    But, it is not working for my application. I think "resource" : "managed/user/*" is not applicable to my schema/environment, hence the validation constraints are not working. I am not sure how to decide what to change the above to. I have tried few combinations here like "resource" : "managed/*/*", "resource" : "*", "resource" : "*/user/*" etc.
    Just to give a context, I am trying to create users in OpenDJ through a workflow running in OpenIDM. My base DN is : ou=People,dc=root,dc=com.

    Please could you help.


    Did you add the validation rules to the policy.json file? The policies are defined in the policy.js file, then they are attached to the appropriate fields in the policy.json configuration file. There you can see the examples of “resource” : “managed/user/*” or “resource” : “repo/internal/user/*” . Similar to this, if your DJ is defined as “system/mydj” in the provisioner file: you have to add first in policy.json the policies and then you can try to use those referring to the resource as “system/mydj”.


    I am running my example based on samples/usecase/usecase2 which does not have a provisioner.openicf-ldap.json. I can copy the provisioner.openicf-ldap.json from samples/sample2b and modify try.

    I am creating users in OpenDJ through my workflow in OpenIDM. The workflow makes use of a custom API which calls the OpenDJ REST interface to create users in OpenDJ. The new users reflect in OpenDJ but when I run the CURL command to check the managed users in the OpenIDM, I do not see these new users. Is this because the users created through my workflow are not managed users? How do I make them as managed users when I create through my workflow? I guess if I configure sync all the OpenDJ users get synced to OpenIDM and become managed users. Is it not possible to create managed users without the sync?

    Please could you advice.

    Many thanks.

    • This reply was modified 6 years, 4 months ago by jean.austin.

    To be able to see/connect users in OpenDJ from OpenIDM you need a provisioner file. The file itself won’t do any automatic sync.
    To do some synchronisation you need to create a sync.json file. In that file you can create mappings either from DJ to managed/user or from managed/user to DJ. It depends on your use case what you need.
    If you create the new user in DJ using DJ REST API without any sync.json file then OpenIDM will not know anything about it. One option is to create a managed/user in OpenIDM and define an appropriate mapping to create the user in OpenDJ based on the new managed/user.

Viewing 6 posts - 1 through 6 (of 6 total)

You must be logged in to reply to this topic.

©2021 ForgeRock - we provide an identity and access platform to secure every online relationship for the enterprise market, educational sector and even entire countries. Click to view our privacy policy and terms of use.

Log in with your credentials

Forgot your details?