How to Configure Directory-Level Validation

You configure directory-level validation in the directory.xml file and in a task screen. The basic steps are as follows:
  • In the directory.xml file, do the following:
    • Specify a validation rule in the ValidationRule element.
    • Specify a rule set in the ValidationRuleSet element. A rule set contains one or more predefined rules, custom validation rules, or rules of both types.
    • Associate a rule set with a managed object attribute in the ImsManagedObjectAttr element.
  • In a task screen, the field to be validated must be configured with the attribute mapped to the rule set.
Integration of Directory-Level Validation with Identity Manager
Define validation rules and rule sets to Identity Manager through the ImsManagedObjectAttrValidation element of the directory.xml file.
The schema for the ImsManagedObjectAttrValidation element is as follows:
<xs:element name="ImsManagedObjectAttrValidation" minOccurs="0">
   <xs:complexType>
      <xs:sequence>
         <xs:element name="ValidationRule" minOccurs="0" maxOccurs="unbounded">
            <xs:complexType>
               <xs:choice>
                  <xs:element name="Java">
                     <xs:complexType>
                        <xs:attribute name="class" type="xs:string" use="required"/>
                     </xs:complexType>
                  </xs:element>
                  <xs:element name="JavaScript">
                     <xs:complexType>
                        <xs:simpleContent>
                           <xs:extension base="xs:string"/>
                        </xs:simpleContent>
                     </xs:complexType>
                  </xs:element>
                  <xs:element name="JavaScriptFile">
                     <xs:complexType>
                        <xs:attribute name="file" type="xs:string" use="required"/>
                     </xs:complexType>
                  </xs:element>
                  <xs:element name="RegularExpression">
                     <xs:complexType>
                        <xs:simpleContent>
                           <xs:extension base="xs:string"/>
                        </xs:simpleContent>
                     </xs:complexType>
                  </xs:element>
               </xs:choice>
               <xs:attribute name="name" type="xs:string" use="required"/>
               <xs:attribute name="description" type="xs:string" use="optional"/>
               <xs:attribute name="messageid" type="xs:string" use="required"/>
            </xs:complexType>
         </xs:element>
         <xs:element name="ValidationRuleSet" minOccurs="0" maxOccurs="unbounded">
            <xs:complexType>
               <xs:sequence>
                  <xs:element name="ValidationRule" maxOccurs="unbounded">
                     <xs:complexType>
                        <xs:attribute name="name" type="xs:string" use="required"/>
                     </xs:complexType>
                  </xs:element>
               </xs:sequence>
               <xs:attribute name="name" type="xs:string" use="required"/>
               <xs:attribute name="description" type="xs:string" use="optional"/>
            </xs:complexType>
         </xs:element>
      </xs:sequence>
   </xs:complexType>
</xs:element>

The following elements are defined:
  • ValidationRuleSet
    Consists of one or more predefined or custom validation rules. A validation rule is specified in the ValidationRule element.
    Both predefined rules and custom rules can appear in the same rule set. Also, a rule set can contain any combination of Java, JavaScript, and regular expression implementations.
    Validation rules are performed in the order in which they appear in ValidationRuleSet. This allows for cascading validation, where output from one rule is used as input to the next.
    ValidationRuleSet is associated with a managed object attribute in the ImsManagedObjectAttr element of the directory.xml file.
  • ValidationRule
    Specifies a validation rule for use in a ValidationRuleSet.
    ValidationRule must contain only one of the following subelements:
    • Java. References the Java class file that implements the rule.
    • JavaScript. Contains the inline JavaScript code that implements the rule.
    • JavaScriptFile. References the JavaScript source file that implements the rule.
    • RegularExpression. Contains the inline regular expression that implements the rule. The regular expression must be wrapped in CDATA.
  • Key Attributes
    Most of the attributes of the previously described elements are self-explanatory. However, the following attributes require explanation:
    • Attribute class of element <Java>
      With Java validation rules, the Java class must be deployed in the following root location within your application server:
      iam_im.ear\custom
      Class files in this root location must be fully qualified, but need no other path information, for example, com.mycompany.MyJavaImpl.
    • Attribute file of element <JavaScriptFile>
      With a validation rule implemented in a JavaScript source file, the file must be deployed in the following root location within your application server:
      iam_im.ear\custom\validationscripts
      JavaScript source files in this root location are referenced by name only, for example, MyJavaScriptImpl.js.
    • Attribute messageid of element <ValidationRule>
      The message id specified in this attribute maps to an error message in the resource bundle IMSExceptions.properties.
      All types of validation rules (Java, JavaScript, JavaScriptFile, and RegularExpression) contain a messageid attribute.
Example: Inline Regular Expression
The following example shows the predefined Phone pattern validation rule, which is included in the rule set Phone format. The rule is implemented inline as a regular expression:
<ValidationRule name="Phone pattern" description="+nn nnn-nnn-nnnn" messageid="4001">
   <RegularExpression>
      <![CDATA[((\+|\d)*+(\s*|\x2D))?\d\d\d-\d\d\d-\d\d\d\d]]>
   </RegularExpression>
</ValidationRule>
<ValidationRuleSet name="Phone format" description="Verify format +nn nnn-nnn-nnnn">
   <ValidationRule name="Phone pattern" />
</ValidationRuleSet>
In the preceding example, messageid="4001" maps to the following line in IMSExceptions.properties:
4001=Attribute Validation: {0} value must match regular expression nnn-nnn-nnnn.
Example: Reference to JavaScript File
The following example specifies the rule EndWithZ_js. This rule is implemented in JavaScript, and the script is located in the file EndWithZ.js. The rule set that includes the rule is not shown in the example:
<ValidationRule name="EndWithZ_js" messageid="custom-5001">
   <JavaScriptFile file="EndWithZ.js" />
</ValidationRule>
In the preceding example, the JavaScript file is assumed to be in the following default location:
iam_im.ear\custom\validationscripts
Association of a Validation Rule Set with a Managed Object Attribute
Associate a validation rule set with a managed object attribute through the ImsManagedObjectAttr element of the directory.xml file.
In the following example, the validation rule set Phone format is associated with the managed object attribute telephonenumber:
<ImsManagedObjectAttr physicalname="telephonenumber"
                      displayname="Business Phone"
                      description="Business Phone"
                      valuetype="String"
                      required="false"
                      multivalued="false"
                      maxlength="0"
                      validationruleset="Phone format" />
When a managed object attribute is associated with a validation rule set, the rule set name is displayed in the Attribute Properties screen of the Management Console.
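A consistency check for the configuration described above, as an added example that is not part of the original documentation or the product. It reports rules that lack exactly one implementation element or a messageid, JavaScriptFile references that are not bare file names, rule sets that name undefined rules, and attributes mapped to unknown rule sets. The DirectorySample wrapper element, the function name, the exact-match comparison of names, and the three mistakes in the sample are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET
IMPLS = {"Java", "JavaScript", "JavaScriptFile", "RegularExpression"}

# Constructed sample: the page's two rules plus three deliberate mistakes.
SAMPLE = r"""<DirectorySample>
 <ImsManagedObjectAttrValidation>
  <ValidationRule name="Phone pattern" messageid="4001">
   <RegularExpression><![CDATA[((\+|\d)*+(\s*|\x2D))?\d\d\d-\d\d\d-\d\d\d\d]]></RegularExpression>
  </ValidationRule>
  <ValidationRule name="EndWithZ_js" messageid="custom-5001">
   <JavaScriptFile file="validationscripts\EndWithZ.js" />
  </ValidationRule>
  <ValidationRuleSet name="Phone format">
   <ValidationRule name="Phone pattern" />
  </ValidationRuleSet>
  <ValidationRuleSet name="Suffix check">
   <ValidationRule name="EndWithZ" />
  </ValidationRuleSet>
 </ImsManagedObjectAttrValidation>
 <ImsManagedObjectAttr physicalname="telephonenumber" validationruleset="Phone formats" />
</DirectorySample>"""

def lint_directory_validation(xml_text):
    """Return findings for the validation configuration in a directory.xml document."""
    root = ET.fromstring(xml_text)
    findings, rules, rule_sets = [], set(), set()
    for block in root.iter("ImsManagedObjectAttrValidation"):
        for rule in block.findall("ValidationRule"):        # rule definitions
            name = rule.get("name")
            rules.add(name)
            impls = [child for child in rule if child.tag in IMPLS]
            if len(impls) != 1:
                findings.append(f"rule '{name}': needs exactly one implementation element")
            if not rule.get("messageid"):
                findings.append(f"rule '{name}': missing messageid")
            files = [c.get("file", "") for c in impls if c.tag == "JavaScriptFile"]
            if any("/" in f or "\\" in f for f in files):   # must be a bare file name
                findings.append(f"rule '{name}': JavaScriptFile is not a bare name")
        for rule_set in block.findall("ValidationRuleSet"):
            rule_sets.add(rule_set.get("name"))
            for ref in rule_set.findall("ValidationRule"):  # references by name
                if ref.get("name") not in rules:
                    findings.append(f"rule set '{rule_set.get('name')}': undefined rule '{ref.get('name')}'")
    for attr in root.iter("ImsManagedObjectAttr"):
        rule_set = attr.get("validationruleset")
        if rule_set and rule_set not in rule_sets:
            findings.append(f"attribute '{attr.get('physicalname')}': unknown rule set '{rule_set}'")
    return findings
```

Calling lint_directory_validation(SAMPLE) returns three findings, one per constructed mistake; a document with consistent names returns an empty list.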
Association of a Validation Rule Set with a Task Screen Field
With directory-level validation, you can associate a rule set with a task screen field indirectly, as follows:
  1. Associate the rule set with a managed object attribute, as described in the previous section.
  2. Be sure that the task screen field to be validated is configured with the managed object attribute associated with the rule set. At runtime, a field value supplied by an end user is validated against the rules in the rule set.
Typically, task screen fields are already configured with attributes. However, you can add a field to a task screen, or you can change the attribute assigned to a field. In those cases, if you want the value supplied to the field to be subject to directory-level validation, configure the field with an attribute that is mapped in directory.xml to the appropriate rule set.