This is a weird one.

BASIC overall concept:

User logs in to external Identity Provider, gets SAML assertion to NAM,
NAM federates the account.

NAM then transparently/automatically redirects the user to the UserApp
4.0.1 RBPM module for a workflow.

However, is it possible to have the RBPM module launch a specific
workflow based upon the URL (or rather, NAM would direct them

Basically at that point we have all the necessary information in terms
of the userid and its attributes EXCEPT:

We need to ask the user two VALIDATION questions that are related, before
we actually "provision" the user and let them through.

The two pieces of information are actually codes (numeric) coming from
an Oracle database, so we'll probably have to use IDM JDBC driver to
populate that to an object, since I don't believe there's any nice way
to have UA perform queries directly (not to mention security concerns).

So the user needs to enter a Customer ID # that they received from us
via some mechanism.
We need to check/verify that's a valid # against (presumably) the object
in eDir that holds those values from the database.

THEN, we ask a second code (some other #) that's related to the Customer
ID (so that you can't just know two completely separate pieces of
information and be validated).

In other words:
Mary has a customer ID of: 1234
Under that customer ID (in the database) are a list of other "valid"

As long as Mary enters:
another valid #

We want the US RBPM to auto-approve (for lack of a better term) the request
and away she goes.

What cannot happen:
Mary knows HER customer number and SOMEONE else's other valid # and be

Any ideas if technically this can be done?

Or if there is a BETTER way to do this (still within the RBPM module and
not having to custom write a diff. piece of software to do this)?


kjhurni's Profile:
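
The pairing rule described in the post above, as an added example that is not part of the original post and uses no RBPM or IDM API: plain JavaScript contrasting a check that validates the two values independently with one that looks the second code up only under the entered customer ID. The second customer, all code values and the function names are constructed for illustration.

```javascript
// Constructed sample data standing in for the eDir object populated by the
// JDBC driver: each customer ID maps to the codes valid under that ID only.
const codesByCustomer = new Map([
  ["1234", new Set(["501", "502"])], // Mary's customer ID from the post; codes constructed
  ["5678", new Set(["777"])],        // a second customer, constructed
]);

// Flawed check: each value is validated on its own, so a valid customer ID
// combined with a valid code belonging to someone else still passes.
function validateIndependently(customerId, code) {
  const idIsValid = codesByCustomer.has(customerId);
  const codeIsValid = [...codesByCustomer.values()].some((set) => set.has(code));
  return idIsValid && codeIsValid;
}

// Bound check: the second code is looked up only in the set stored under
// the customer ID the user entered, so the two answers must belong together.
function validatePair(customerId, code) {
  const codes = codesByCustomer.get(String(customerId).trim());
  return codes !== undefined && codes.has(String(code).trim());
}

// Workflow decision: every failure gets the same answer, so the form never
// reveals whether the customer ID or the second code was the wrong one.
function decide(customerId, code) {
  return validatePair(customerId, code) ? "auto-approve" : "deny";
}

// Mary's own ID with another customer's code: accepted by the flawed check,
// rejected by the bound one.
console.log(validateIndependently("1234", "777"), decide("1234", "777"));
// Mary's own ID with one of her own codes.
console.log(decide("1234", "502"));
```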