Previous Topic: How to Configure Directory-Level Validation

Next Topic: Association of a Validation Rule Set with a Managed Object Attribute

Integration of Directory-Level Validation with CA Identity Manager

Define validation rules and rule sets to CA Identity Manager through the ImsManagedObjectAttrValidation element of the directory.xml file.

The schema for the ImsManagedObjectAttrValidation element is as follows:

<xs:element name="ImsManagedObjectAttrValidation" minOccurs="0">
   <xs:complexType>
      <xs:sequence>
         <xs:element name="ValidationRule" minOccurs="0"
                                            maxOccurs="unbounded">
            <xs:complexType>
               <xs:choice>
                  <xs:element name="Java">
                     <xs:complexType>
                        <xs:attribute name="class" type="xs:string"
                                                  use="required"/>
                     </xs:complexType>
                            </xs:element>
                  <xs:element name="JavaScript">
                     <xs:complexType>
                        <xs:simpleContent>
                           <xs:extension base="xs:string"/>
                        </xs:simpleContent>
                     </xs:complexType>
                  </xs:element>
                  <xs:element name="JavaScriptFile">
                     <xs:complexType>
                   <xs:attribute name="file" type="xs:string"
                                                use="required"/>
                     </xs:complexType>
                  </xs:element>
                  <xs:element name="RegularExpression">
                     <xs:complexType>
                        <xs:simpleContent>
                           <xs:extension base="xs:string"/>
                        </xs:simpleContent>
                     </xs:complexType>
                  </xs:element>
               </xs:choice>
               <xs:attribute name="name" type="xs:string"
                                                  use="required"/>
               <xs:attribute name="description" type="xs:string"
                                                  use="optional"/>
               <xs:attribute name="messageid" type="xs:string"
                                                  use="required"/>
            </xs:complexType>
         </xs:element>
         <xs:element name="ValidationRuleSet" minOccurs="0"
                                            maxOccurs="unbounded">
            <xs:complexType>
               <xs:sequence>
                  <xs:element name="ValidationRule"
                                            maxOccurs="unbounded">
                     <xs:complexType>
                        <xs:attribute name="name" type="xs:string"
                                                  use="required"/>
                     </xs:complexType>
                  </xs:element>
               </xs:sequence>
               <xs:attribute name="name" type="xs:string"
                                                  use="required"/>
               <xs:attribute name="description" type="xs:string"
                                                  use="optional"/>
            </xs:complexType>
         </xs:element>
      </xs:sequence>
   </xs:complexType>
</xs:element>

The following elements are defined:

ValidationRuleSet

Consists of one or more predefined or custom validation rules. A validation rule is specified in the ValidationRule element.

Both predefined rules and custom rules can appear in the same rule set. Also, a rule set can contain any combination of Java, JavaScript, and regular expression implementations.

Validation rules are performed in the order in which they appear in ValidationRuleSet. This allows for cascading validation, where output from one rule is used as input to the next.

ValidationRuleSet is associated with a managed object attribute in the ImsManagedObjectAttr element of the directory.xml file.

ValidationRule

Specifies a validation rule for use in a ValidationRuleSet.

ValidationRule must contain only one of the following subelements:

Key Attributes

Most of the attributes of the previously described elements are self-explanatory. However, the following attributes require explanation:

Example: Inline Regular Expression

The following example shows the predefined Phone pattern validation rule, which is included in the rule set Phone format. The rule is implemented inline as a regular expression:

<ValidationRule name="Phone pattern" description="+nn nnn-nnn-nnnn"
                                                 messageid="4001">
   <RegularExpression>
      <![CDATA[ ((\+|\d)*+(\s*|\x2D))?\d\d\d-\d\d\d-\d\d\d\d]]>
   </RegularExpression>
</ValidationRule>
<ValidationRuleSet name="Phone format" description=
                                 "Verify format +nn nnn-nnn-nnnn">
   <ValidationRule name="Phone pattern" />
</ValidationRuleSet>

In the preceding example, messageid="4001" maps to the following line in IMSExceptions.properties:

4001=Attribute Validation: {0} value must match regular expression
                                                     nnn-nnn-nnnn.

Example: Reference to JavaScript File

The following example specifies the rule EndWithZ_js. This rule is implemented in JavaScript, and the script is located in the file EndWithZ.js. The rule set that includes the rule is not shown in the example:

<ValidationRule name="EndWithZ_js" messageid="custom-5001">
   <JavaScriptFile file="EndWithZ.js" />
</ValidationRule>

In the preceding example, the JavaScript file is assumed to be in the following default location:

iam_im.ear\custom\validationscripts