IdentityIQ workflow extensibility: Illegal request handling

Step 1: Modify stock LCM Provisioning workflow to transition to illegal request handler step when criteria for "illegal request" is detected (e.g., account ends with "_FC"). This transition can be added to the very first step in the workflow.

<Step icon="Start" name="Start">
<Transition to="Illegal Request Handler">
<Script>
   <Source>
    String APP_NAME = "Active_Directory";
    boolean result = false;

    // POC - Check submitted request for illegal
    // criteria (account names, entitlement values).
    //
    AccountRequest ar = plan.getAccountRequest(APP_NAME);
    if (null != ar) {
      System.out.println("...found account request for: " + APP_NAME);
      String accountId = ar.getNativeIdentity();

       // POC - Look for "_FC" suffix on account name
       if (accountId.endsWith("_FC")) {
        System.out.println("..found illegal account in request: " + accountId);
        result = true;
         }
     }

return result;

</Source>
</Script>
</Transition>
<Transition to="Initialize"/>
</Step>

Step 2: Add step for handling illegal account request. In this example, the step sets a return message that will go back to requester and then transitions to the end of the workflow.

<Step action="addMessage" name="Illegal Request Handler">
<Arg name="message">
   <Script>
     <Source>
      return "Your request is not allowed due to policy. Account: " + workflow.get("illegalItem");
     </Source>
   </Script>
</Arg>
<Arg name="type" value="Error"/>
<Transition to="end"/>
</Step>

IdentityIQ workflow extensibility: Illegal request handling