Integration of Directory-Level Validation with CA IdentityMinder

User Console Design Guide › Validation Rules › How to Configure Validation Rules › How to Configure Directory-Level Validation › Integration of Directory-Level Validation with CA IdentityMinder

Integration of Directory-Level Validation with CA IdentityMinder

Define validation rules and rule sets to CA IdentityMinder through the ImsManagedObjectAttrValidation element of the directory.xml file.

The schema for the ImsManagedObjectAttrValidation element is as follows:

<xs:element name="ImsManagedObjectAttrValidation" minOccurs="0">
   <xs:complexType>
      <xs:sequence>
         <xs:element name="ValidationRule" minOccurs="0"
                                            maxOccurs="unbounded">
            <xs:complexType>
               <xs:choice>
                  <xs:element name="Java">
                     <xs:complexType>
                        <xs:attribute name="class" type="xs:string"
                                                  use="required"/>
                     </xs:complexType>
                            </xs:element>
                  <xs:element name="JavaScript">
                     <xs:complexType>
                        <xs:simpleContent>
                           <xs:extension base="xs:string"/>
                        </xs:simpleContent>
                     </xs:complexType>
                  </xs:element>
                  <xs:element name="JavaScriptFile">
                     <xs:complexType>
                   <xs:attribute name="file" type="xs:string"
                                                use="required"/>
                     </xs:complexType>
                  </xs:element>
                  <xs:element name="RegularExpression">
                     <xs:complexType>
                        <xs:simpleContent>
                           <xs:extension base="xs:string"/>
                        </xs:simpleContent>
                     </xs:complexType>
                  </xs:element>
               </xs:choice>
               <xs:attribute name="name" type="xs:string"
                                                  use="required"/>
               <xs:attribute name="description" type="xs:string"
                                                  use="optional"/>
               <xs:attribute name="messageid" type="xs:string"
                                                  use="required"/>
            </xs:complexType>
         </xs:element>
         <xs:element name="ValidationRuleSet" minOccurs="0"
                                            maxOccurs="unbounded">
            <xs:complexType>
               <xs:sequence>
                  <xs:element name="ValidationRule"
                                            maxOccurs="unbounded">
                     <xs:complexType>
                        <xs:attribute name="name" type="xs:string"
                                                  use="required"/>
                     </xs:complexType>
                  </xs:element>
               </xs:sequence>
               <xs:attribute name="name" type="xs:string"
                                                  use="required"/>
               <xs:attribute name="description" type="xs:string"
                                                  use="optional"/>
            </xs:complexType>
         </xs:element>
      </xs:sequence>
   </xs:complexType>
</xs:element>

The following elements are defined:

ValidationRuleSet

Consists of one or more predefined or custom validation rules. A validation rule is specified in the ValidationRule element.

Both predefined rules and custom rules can appear in the same rule set. Also, a rule set can contain any combination of Java, JavaScript, and regular expression implementations.

Validation rules are performed in the order in which they appear in ValidationRuleSet. This allows for cascading validation, where output from one rule is used as input to the next.

ValidationRuleSet is associated with a managed object attribute in the ImsManagedObjectAttr element of the directory.xml file.

ValidationRule

Specifies a validation rule for use in a ValidationRuleSet.

ValidationRule must contain only one of the following subelements:

Java. References the Java class file that implements the rule.
JavaScript. Contains the inline JavaScript code that implements the rule.
JavaScriptFile. References the JavaScript source file that implements the rule.
RegularExpression. Contains the inline regular expression that implements the rule. The regular expression must be wrapped in CDATA.

Key Attributes

Most of the attributes of the previously described elements are self-explanatory. However, the following attributes require explanation:

Attribute class of element <Java>
With Java validation rules, the Java class must be deployed in the following root location within your application server:
```
iam_im.ear\custom
```
Class files in this root location must be fully qualified, but need no other path information, for example, com.mycompany.MyJavaImpl.
Attribute file of element <JavaScriptFile>
With a validation rule implemented in a JavaScript source file, the file must be deployed in the following root location within your application server:
```
iam_im.ear\custom\validationscripts
```
JavaScript source files in this root location are referenced by name only, for example, MyJavaScriptImpl.js.
Attribute messageid of element <ValidationRule>
The message id specified in this attribute maps to an error message in the resource bundle IMSExceptions.properties.

All types of validation rules (Java, JavaScript, JavaScriptFile, and RegularExpression) contain a messageid attribute.

Example: Inline Regular Expression

The following example shows the predefined Phone pattern validation rule, which is included in the rule set Phone format. The rule is implemented inline as a regular expression:

<ValidationRule name="Phone pattern" description="+nn nnn-nnn-nnnn"
                                                 messageid="4001">
   <RegularExpression>
      <![CDATA[ ((\+|\d)*+(\s*|\x2D))?\d\d\d-\d\d\d-\d\d\d\d]]>
   </RegularExpression>
</ValidationRule>
<ValidationRuleSet name="Phone format" description=
                                 "Verify format +nn nnn-nnn-nnnn">
   <ValidationRule name="Phone pattern" />
</ValidationRuleSet>

In the preceding example, messageid="4001" maps to the following line in IMSExceptions.properties:

4001=Attribute Validation: {0} value must match regular expression
                                                     nnn-nnn-nnnn.

Example: Reference to JavaScript File

The following example specifies the rule EndWithZ_js. This rule is implemented in JavaScript, and the script is located in the file EndWithZ.js. The rule set that includes the rule is not shown in the example:

<ValidationRule name="EndWithZ_js" messageid="custom-5001">
   <JavaScriptFile file="EndWithZ.js" />
</ValidationRule>

In the preceding example, the JavaScript file is assumed to be in the following default location:

iam_im.ear\custom\validationscripts