Powered by Algolia

    Pre/PostProcessor

    Pre/PostProcessor groovy scripts are called within the provisioning process upon creating/editing a user. It can also be called at synchronizations, in case while configuring synchronization a user checked a Provision to target system field, as shown below.

    Provisiong to target system checked

    When admin presses Save after creating/editing a user, the first script to be run is Pre Processor script, allowing a script developer to create any type of customization needed. There are no limits for what can this script do.

    The common use examples of these scripts are:

    1. Any custom logic that can't be implemented by business rule;
    2. In v 4.2.1.x to entitle user to whole hierarchy tree of access, example if user got assigned to the role A, in PreProcessor script developer can fetch all groups/child roles of the role A and explicitly entitle them with the user; 
    3. PostProcessor can be used to send out email notifications about provisioning event being completed (ususally used in new hire case to send out notfication to Help Desk)

    In short, the script has a method for every event: add, modify, any provisioning operation and other. It is called depending on operation is happening to user at the very moment. Hence, within this method user can add the desired logic.

    After PreProcessor script, Managed System Policy map groovy scripts are run. All the groovy scripts marked as active in the user policy map for specific Managed Systems will be called.

    After they finished proceeding, the PostProcessor script is called. PostProcessor script has the same methods as PreProcessor, the only difference is that it is called after provisioning.

    Note: There is a common misunderstanding that a PostProcessor script is run after a response from a connector is achived (save/fail save). Unlike that, PostProcessor is not called after the connector response, but in parallel, after the provisioning. PostProcessor script doesn't containg the connector response. Connector operation and the Post Processor script are parallel processes.

    In both Pre/PostProcessor script user can use any services available, such as: 

    @Autowired
        UserRabbitMQService userRabbitMQService;
    

    @Autowired
        private MailRabbitMQService mailRabbitMQService
    

    @Autowired
        private UserRabbitMQService userRabbitMQService
    

    @Autowired
        private MetadataTypeRabbitMQService metadataTypeRabbitMQService
    

    @Autowired
        private LoginMQService loginMQService
    

    @Autowired
        private RoleRabbitMQService roleRabbitMQService

    Here, OpenIAM gives a user freedom to call upon any service and perform any operation needed/wanted.

    Previous
    Configure Provisioning
    Next
    Incremental synchronization