8.2 Manual Task Service Driver

The Manual Task Service Driver is designed to notify one or more users that a data event has occurred and whether any action is required on the users' part. In an employee provisioning scenario, the data event might be the creation of a new User object and the user action might include assigning an office number by entering data into eDirectory or by entering data in an application. Other scenarios include notifying an administrator that a new user object has been created, notifying an administrator that a user has changed data on an object, etc.

Configuring the Manual Task Service Driver usually consists of configuring two separate but related subsystems: the Subscriber channel policies and e-mail templates, and the Publisher channel Web server templates and policies.

In addition, driver parameters such as SMTP server name, Web server port number, etc., must be configured.

8.2.1 Installing

  • Installation: The Driver for Manual Task Service is automatically installed when you install the Metadirectory Server option using the Identity Manager installation program.

  • Platforms: The driver runs on the platforms supported by Identity Manager and the Remote Loader.

  • Activation: The driver does not require separate activation. When you activate the Metadirectory engine, this driver is also activated.

8.2.2 Overview

This section describes how the driver's main functions work.

Modes of Operation

Two primary modes of operation are supported:

  • Direct Request for Data: An e-mail message is sent requesting that a user enter data into eDirectory (possibly for consumption by another application). The e-mail recipient responds to the message by clicking a URL in the message. The URL points to the Web server running in the Publisher channel of the Manual Task Service Driver. The user then interacts with dynamic Web pages generated by the Web server to authenticate to eDirectory™ and to enter the requested data.

  • Event Notification: An e-mail message is sent to a user without involving the Publisher channel. The e-mail message might simply be notification that something occurred in eDirectory, or it might be a request for data through a method other than the Publisher channel's Web server, such as Novell iManager, another application, or a custom interface.

Example: Subscriber Channel E-Mail, Publisher Channel Web Server Response

The following is an employee provisioning example scenario in which a new employee's manager assigns the employee a room number:

  1. A new User object is created in eDirectory (for example, by the DirXML driver for the company's HR system).

  2. The Manual Task Service Driver Subscriber sends an SMTP message to the user's manager and to the manager's assistant. The SMTP message contains a URL that refers to the Publisher channel Web server. The URL also contains data items identifying the user and identifying those authorized to submit the requested data.

  3. The manager or the manager's assistant clicks the URL in the e-mail message to display an HTML form in a Web browser. The manager or assistant then does the following:

    • Selects the DN for his or her eDirectory User object as a means of identifying who is responding to the e-mail message.

    • Enters his or her eDirectory password.

    • Enters the room number for the new employee.

    • Clicks the Submit button.

  4. The room number for the new employee is submitted to eDirectory via the Manual Task Service Driver Publisher channel.

Example: Subscriber Channel E-Mail, No Publisher Channel Response

The following is an example scenario in which a new employee's manager assigns the employee a computer in an asset management system:

  1. A new User object is created in eDirectory (for example, by the DirXML driver for the company's HR system).

  2. The Manual Task Service Driver Subscriber sends an SMTP message to the user's manager and to the manager's assistant. The SMTP message contains instructions for entering data into the asset management system.

  3. The manager or assistant enters data into the asset management system.

  4. (Optional) The computer identification data is brought into eDirectory via a DirXML driver for the asset management system.

How E-Mail Messages and Web Pages Are Created by the Manual Task Service Driver

E-mail messages, HTML Web pages, and XDS documents can all be considered documents. The Manual Task Service Driver creates documents dynamically, based on information supplied to the driver.

Templates are XML documents that contain the boilerplate or fixed portions of a document together with replacement tokens that indicate where the dynamic, or replacement, portions of the final, constructed document appear.

Both the Subscriber channel and the Publisher channel of the Manual Task Service Driver use templates to create documents. The Subscriber channel creates e-mail messages and the Publisher channel creates Web pages and XDS documents.

The dynamic portion of a document is supplied via replacement data. Replacement data on the Subscriber channel is supplied by the Subscriber channel policies (such as the Command Transformation policy). Replacement data on the Publisher channel is supplied by HTTP data to the Web server (both URL data and HTTP POST data). The Manual Task Service Driver can automatically supply certain data known to the Manual Task Service Driver (such as the Web server address).

The templates are processed by XSLT style sheets. These template-processing style sheets are separate from style sheets used as DirXML policies in the Subscriber or Publisher channels.

The replacement data is supplied as a parameter to the XSLT style sheet. The output of the style sheet processing is an XML, HTML, or text document that is used as the body of an e-mail message, as a Web page, or as a submission to DirXML on the Publisher channel.

Replacement data is passed from the Subscriber channel to the Publisher channel via a URL in the e-mail message. The URL contains a query portion that contains the replacement data items.

The Manual Task Service Driver ships with predefined style sheets sufficient to process templates in order to create e-mail documents, HTML documents, and XDS documents. Other custom style sheets can be written to provide additional processing options if desired.

An advanced method of creating documents is also available, which uses only an XSLT style sheet and replacement data. No template is involved. However, this guide assumes the template method is used because the template method is easier to configure and maintain without XSLT programming knowledge.

Templates

This section describes document creation templates as used in the Manual Task Service Driver.

Templates are XML documents that are processed by a style sheet in order to generate an output document. The output document can be XML, HTML, or plain text (or anything else that can be generated using XSLT).

Templates are used to generate e-mail message text on the Subscriber channel, and to generate dynamic Web pages and XDS documents on the Publisher channel.

Templates contain text, elements, and replacement tokens. Replacement tokens are replaced in the output document by data supplied to the style sheet processing the template.

Several examples of templates for various purposes follow. In the examples, the replacement tokens are the character strings that are between two $ characters and appear in bold.

Templates can also contain action elements. Action elements are control elements interpreted by the template-processing style sheet. Action elements are described in Section F.0, Manual Task Service Driver: Template Action Elements Reference. In the following examples action elements also appear in bold.

The following example template is used to generate an HTML e-mail message body:

<html xmlns:form="http://www.novell.com/dirxml/manualtask/form">
<head></head>
<body>
Dear $manager$,<p/>
<p>
This message is to inform you that your new employee <b>$given-name$ $surname$</b> has been hired.
</p>
<p>
You need to assign a room number for this individual. Click <a href="$url$">Here</a> to do this.
</p>
<p>
Thank you,<br/>
HR Department
</p>
</body>
</html>

The following example template is used to generate a plain text e-mail message body:

<form:text xmlns:form="http://www.novell.com/dirxml/manualtask/form">
Dear $manager$,

This message is to inform you that your new employee $given-name$ $surname$ has been hired. 

You need to assign a room number for this individual. Use the following link to do this:

$url$

Thank you,

The HR Department

</form:text>

The <form:text> element is required because templates must be XML documents. The <form:text> element is stripped as part of the template processing.

The following template is used to generate an HTML form used as a Web page for entering data:

<html xmlns:form="http://www.novell.com/dirxml/manualtask/form">
<head>
<title>Enter room number for $subject-name$</title>
</head>
<body>
    <link href="novdocmain.css" rel="stylesheet" type="text/css"/>
    <br/><br/><br/><br/>
    <form class="myform" METHOD="POST" ACTION="$url-base$/process_template.xsl">
        <table cellpadding="5" cellspacing="10" border="1" align="center">
          <tr><td>
          <input TYPE="hidden" name="template" value="post_form.xml"/>
          <input TYPE="hidden" name="subject-name" value="$subject-name$"/>
          <input TYPE="hidden" name="association" value="$association$"/>
          <input TYPE="hidden" name="response-stylesheet" value="process_template.xsl"/>
          <input TYPE="hidden" name="response-template" value="post_response.xml"/>
          <input TYPE="hidden" name="auth-stylesheet" value="process_template.xsl"/>
          <input TYPE="hidden" name="auth-template" value="auth_response.xml"/>
          <input TYPE="hidden" name="protected-data" value="$protected-data$"/>
          You are:<br/>
          <form:if-single-item name="responder-dn">
            <input TYPE="hidden" name="responder-dn" value="$responder-dn$"/>
            $responder-dn$
          </form:if-single-item>
          <form:if-multiple-items name="responder-dn">
            <form:menu name="responder-dn"/>
          </form:if-multiple-items>
        </td></tr>
        <tr><td>
          Enter your password: <br/>
          <input name="password" TYPE="password" SIZE="20" MAXLENGTH="40"/>
        </td></tr>
        <tr><td>
          Enter room number for $subject-name$:<br/>
          <input TYPE="text" NAME="room-number" SIZE="20" MAXLENGTH="20" value="$query:roomNumber$"/>
        </td></tr>
        <tr><td>
          <input TYPE="submit" value="Submit"/> <input TYPE="reset" value="Clear"/>
        </td></tr>
      </table>
    </form>
  </body>
</html>

The following template is used to generate an XDS document:

<nds>
  <input>
    <modify class-name="User" src-dn="not-applicable">
      <association>$association$</association>
      <modify-attr attr-name="roomNumber">
        <remove-all-values/>
        <add-value>
          <value>$room-number$</value>
        </add-value>
      </modify-attr>
    </modify>
  </input>
</nds>

Replacement Tokens

The items delimited by $ in the above example templates are replacement tokens. For example, $manager$ is replaced by the manager's actual name.

Replacement tokens can appear either in text or in XML attribute values (note the href value on the <a> element in the first example above).

Replacement Data

Replacement data consists of strings that take the place of replacement tokens in the output document generated from a template. Replacement data is either supplied by Subscriber channel data, Publisher channel HTTP data, or it is supplied automatically by the driver. An additional type of replacement data is data retrieved from eDirectory via Identity Manager (query data). Replacement data is more fully described in Section D.0, Manual Task Service Driver: Replacement Data.

Subscriber channel data: Subscriber channel replacement data is of two types. The first type is used as replacement values for replacement tokens in templates for creating e-mail messages. The second type is placed in the query portion of a URL so that the data is available for use on the Publisher channel when the URL is submitted to the Publisher's Web server.

HTTP data: Replacement data is supplied to the Publisher channel Web server as URL query string data, HTTP POST data, or both.

Automatic data: The Manual Task Service Driver supplies automatic data. Automatic data items are described in Section E.0, Manual Task Service Driver: Automatic Replacement Data Items.

Query data: Replacement tokens that start with query: are considered requests to obtain current data from eDirectory. The portion of the token that follows query: is the name of an eDirectory object attribute. The object to query is specified by one of the replacement data items association, src-dn, or src-entry-id. The items are considered in the order presented in the preceding sentence.

Template Action Elements

Action elements are namespace-qualified elements in the template that are used for simple logic control or that are used to create HTML elements for HTML forms. The namespace used to qualify the elements is http://www.novell.com/dirxml/manualtask/form. In this document and in the sample templates supplied with the Manual Task Service driver, the prefix used is form.

The elements appearing in bold in the above examples are action elements.

Action elements are described in detail in Section F.0, Manual Task Service Driver: Template Action Elements Reference.

Subscriber Channel E-Mail

The Subscriber channel of the Manual Task Service Driver is designed to send e-mail messages. To accomplish this, the driver supports a custom XML element named <mail>. Policies on the Subscriber channel construct a <mail> element in response to some eDirectory event (such as the creation of a user). An example <mail> element appears below:

<mail src-dn="\PERIN-TAO\novell\Provo\Joe">
  <to>JStanley@novell.com</to>
  <cc>carol@novell.com</cc>
  <reply-to>HR@novell.com</reply-to>
  <subject>Room Assignment Needed for: Joe the Intern</subject>
  <message mime-type="text/html">
    <stylesheet>process_template.xsl</stylesheet>
    <template>html_msg_template.xml</template>
    <replacement-data>
      <item name="manager">JStanley</item>
      <item name="given-name">Joe</item>
      <item name="surname">The Intern</item>
      <url-data>
        <item name="file">process_template.xsl</item>
        <url-query>
          <item name="template">form_template.xml</item>
          <item name="responder-dn" protect="yes">\PERIN-TAO\big-org\phb</item>
          <item name="responder-dn" protect="yes">\PERIN-TAO\big-org\carol</item>
          <item name="subject-name">Joe The Intern</item>
        </url-query>
      </url-data>
    </replacement-data>
    <resource cid="css-1">novdocmain.css</resource>
  </message>
  <message mime-type="text/plain">
    <stylesheet>process_text_template.xsl</stylesheet>
    <template>txt_msg_template.xml</template>
    <replacement-data>
      <item name="manager">JStanley</item>
      <item name="given-name">Joe</item>
      <item name="surname">The Intern</item>
      <url-data>
        <item name="file">process_template.xsl</item>
        <url-query>
          <item name="template">form_template.xml</item>
          <item name="responder-dn" protect="yes">\PERIN-TAO\big-org\phb</item>
          <item name="responder-dn" protect="yes">\PERIN-TAO\big-org\carol</item>
          <item name="subject-name">Joe The Intern</item>
        </url-query>
      </url-data>
    </replacement-data>
  </message>
  <attachment>HR.gif</attachment>
</mail>

The Subscriber of the Manual Task Service Driver uses the information contained in the <mail> element to construct an SMTP e-mail message. A URL can be constructed and inserted into the e-mail message through which the e-mail recipient can respond to the e-mail message. The URL can point to the Publisher channel Web server or it can point to some other Web server.

The <mail> element and its content are described in detail in Section G.0, Manual Task Service Driver: <mail> Element Reference.

Publisher Channel Web Server

The Publisher channel of the Manual Task Service Driver runs a Web server configured so that users can enter data into eDirectory through a Web browser. The Web server is designed to work in conjunction with e-mail messages sent from the Subscriber channel of the Manual Task Service Driver.

The Publisher channel Web server can serve static files and dynamic content. Examples of static files are .css style sheets, images, etc. Examples of dynamic content are Web pages that change based on the replacement data contained in the URL or HTTP POST data.

The Publisher channel Web server is normally configured to allow a user to enter data into eDirectory in response to an e-mail that was sent by the Subscriber channel. A typical user interaction with the Web server is as follows:

  1. The user submits the URL from the e-mail message to the Web server using a Web browser. The URL specifies the style sheet, template, and replacement data used to create a dynamic Web page (typically containing an HTML form).

  2. The Web server creates an HTML page by processing the template with the style sheet and replacement data. The HTML page is returned to the user’s Web browser as the resource referred to by the URL.

  3. The browser displays the HTML page and the user enters the requested information.

  4. The browser sends an HTTP POST request containing the entered information as well as other information that originated from the e-mail URL. The DN of the user responding to the e-mail and the user’s password must be in the POST data.

  5. The Web server authenticates the user using the user’s DN and password. If the authentication fails, then a Web page containing a failure message is returned as the result of the POST request. The failure message can be constructed using a style sheet and template specified in the POST data. If authentication succeeds, then processing continues.

  6. The Web server constructs an XDS document using a style sheet and template specified in the POST data. The XDS document is submitted to Identity Manager on the Publisher channel.

  7. The result of the XDS document submission, together with a style sheet and template specified in the POST data, is used to construct a Web page indicating to the user the result of the data submission. This Web page is sent to the browser as the result of the POST request.
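
The following sketch is an added example, not code from the driver or this guide: a simplified Python stand-in for the XSLT template processing described under Templates and in steps 4 through 6 above. It fills the XDS template from URL and POST data and shows that data inserted into the parsed template is escaped on XML output but not on plain-text output. The host name, association value, and room number are constructed, and using the first value of a repeated item is an assumption.

```python
import re
import xml.etree.ElementTree as ET
from urllib.parse import parse_qs, urlencode, urlsplit

TOKEN = re.compile(r"\$([^$\s]+)\$")  # $name$; assumes token names hold no whitespace


def replacement_data(url, post_body=""):
    """Merge items from the URL query string and, for a POST, the form body."""
    data = parse_qs(urlsplit(url).query, keep_blank_values=True)
    for name, values in parse_qs(post_body, keep_blank_values=True).items():
        data.setdefault(name, []).extend(values)
    return data


def fill(template_xml, data, output="xml"):
    """Substitute tokens on the parsed template, then serialize as XML or text."""
    root = ET.fromstring(template_xml)

    def sub(s):
        if not s:
            return s
        # A token with no matching item leaves no text behind.
        # Assumption: the first value of a repeated item is used.
        return TOKEN.sub(lambda m: data.get(m.group(1), [""])[0], s)

    for el in root.iter():
        el.text, el.tail = sub(el.text), sub(el.tail)
        for name, value in list(el.attrib.items()):
            el.set(name, sub(value))
    if output == "text":
        # Text output: the wrapper element is dropped and nothing is escaped.
        return "".join(root.itertext())
    # XML output: the serializer escapes <, > and & in text and attribute values.
    return ET.tostring(root, encoding="unicode")


# The XDS template from this section.
XDS_TEMPLATE = """<nds><input>
  <modify class-name="User" src-dn="not-applicable">
    <association>$association$</association>
    <modify-attr attr-name="roomNumber">
      <remove-all-values/>
      <add-value><value>$room-number$</value></add-value>
    </modify-attr>
  </modify>
</input></nds>"""

# Constructed plain-text template using the required <form:text> wrapper.
TEXT_TEMPLATE = ('<form:text xmlns:form="http://www.novell.com/dirxml/manualtask/form">'
                 "Room $room-number$ was assigned to $subject-name$.</form:text>")

# Constructed request: host, port, association value and room number are made up.
SAMPLE_URL = "https://mts.example.com:8443/process_template.xsl?subject-name=Joe+The+Intern"
SAMPLE_POST = urlencode({"template": "post_form.xml",
                         "association": "assoc-0001",
                         "room-number": "B-101 <east & west>"})


def build_xds():
    """XDS document built from the merged URL and POST data."""
    return fill(XDS_TEMPLATE, replacement_data(SAMPLE_URL, SAMPLE_POST))


def build_text():
    """The same data rendered through the plain-text template."""
    return fill(TEXT_TEMPLATE, replacement_data(SAMPLE_URL, SAMPLE_POST), output="text")


if __name__ == "__main__":
    print(build_xds())
    print(build_text())
```

Because the room number is inserted as a text node, the markup characters in it cannot add elements to the XDS document; the same value passes through unchanged when the output type is plain text.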

8.2.3 Configuring

This section describes configuring the Manual Task Service Driver’s parameters and templates.

Driver Settings

This section describes parameters that appear in the “Driver Settings” section in the driver object user interface.

Many of these parameters are actually for the Publisher channel Web server. They appear under the Driver Settings area because the Manual Task Service Driver Subscriber also needs access to them.

DN of the Document Base

This parameter is an eDirectory DN of a container object. The Manual Task Service Driver can load XML documents (including XSLT style sheets) from eDirectory as well as from disk. If XML documents should be loaded from eDirectory, this parameter identifies the root container from which documents are loaded.

Documents loaded from eDirectory reside in the attribute value of an eDirectory object. If unspecified, the attribute is XmlData. The attribute can be specified by appending a # character followed by the attribute name to the name of the object containing the document.

For example, suppose that the document base DN is specified to be “novell\Manual Task Documents” and that there is a container under “Manual Task Documents” named “templates.”

If a DirXML-StyleSheet object named “e-mail _template” resides under the “templates” directory, then the following resource identifiers can be used to refer to the XML document: “templates/e-mail _template” or “templates/e-mail _template#XmlData”.

The resource identifiers can be supplied as replacement data, URL data, or HTTP POST data. For example, the following element might appear under a <message> element on the Subscriber channel:

<template>templates/e-mail _template#XmlData</template>

Document Directory

This parameter identifies a file system directory that is used as the base directory for locating resources such as templates, XSLT style sheets, and other file resources served by the Publisher channel Web server. Example values are:

Windows

c:\Novell\Nds\mt_files

NetWare

SYS:\SYSTEM\mt_files

UNIX

/usr/lib/dirxml/rules/manualtask/mt_files

Use HTTP Server (true|false)

This parameter indicates whether the Publisher channel should run a Web server or not. Set the parameter to true if the Web server should be run or false if the Web server should not be run.

If the Manual Task Service Driver is only to be used for sending e-mail with no response URL, or with a URL that points to another application, then the HTTP server should not be run, to save system resources.

HTTP IP Address or Host Name

This parameter allows you to specify on which of multiple, local IP addresses the Publisher channel Web server will listen for HTTP requests.

Leaving the HTTP IP address or host name parameter value blank causes the Publisher channel Web server to listen on the default IP address. For servers with a single IP address, this is sufficient. Placing a dot-notation IP address as the parameter value causes the Publisher channel Web server to listen for HTTP requests on the address specified.

Note that the value specified for HTTP IP address or host name is used by the Subscriber channel mail handler to construct URLs if the host name or address is not specified in the mail command element. If the parameter Use HTTP server (true|false) is set to false, then HTTP IP address or host name can be used to specify the address or name of a Web server to use in constructing URLs for mail messages.

HTTP Port

This parameter is an integer value indicating which TCP port the Publisher channel Web server should listen on for incoming requests. If this value is not specified, the port number defaults to 80 or 443, depending on whether or not SSL is being used for the Web server connections.

If the Manual Task Service Driver is running on the Identity Manager server (that is, it is not being run under the Remote Loader on a remote machine) then the HTTP port should be set to something other than 80 or 443. This is because iMonitor or another process is typically using ports 80 and 443.

Name of KMO

If it is not blank, this parameter is the name of an eDirectory Key Material Object that contains the server certificate and key used for SSL by the Publisher channel Web server.

Setting this parameter causes the Publisher channel Web server to use SSL for servicing HTTP requests.

This parameter takes precedence over any Java keystore parameters (see below).

Using SSL is recommended for security reasons because eDirectory passwords are passed in HTTP POST data when using the Publisher channel Web server.

Name of Keystore File

This parameter, together with Keystore password, Name of certificate(key alias), and Certificate password (key password), is used to specify a Java keystore file that contains a certificate and key used for SSL by the Publisher channel Web server.

Setting this parameter causes the Publisher channel Web server to use SSL for servicing HTTP requests.

If the Name of KMO parameter is set, then this parameter and its associated parameters are ignored.

Using SSL is recommended for security reasons because eDirectory passwords are passed in HTTP POST data when using the Publisher channel Web server.

Keystore Password

This parameter specifies the password for the Java keystore file specified with the Name of keystore file parameter.

Name of Certificate (key alias)

This parameter specifies the name of the certificate to use in the Java keystore file specified with the Name of keystore file parameter.

Certificate Password (key password)

This parameter specifies the password for the certificate specified using the Name of certificate (key alias) parameter.

Subscriber Settings

Settings for the Subscriber channel are described in this section.

SMTP Server

This parameter specifies the name of the SMTP server that the Subscriber channel will use to send e-mail messages.

SMTP Account Name

If the SMTP server specified using the SMTP server parameter requires authentication, then this parameter specifies the account name to use for authentication. The password used is the Application password associated with the driver Authentication parameters.

Default “From” Address

If specified, this is an e-mail address used in the SMTP from field for e-mail messages sent by the Subscriber channel. If this is not specified, then the <mail> elements sent to the Subscriber must contain a <from> element.

A <from> element under <mail> elements sent to the Subscriber overrides this parameter.

Additional Handlers

If specified, this is a whitespace-separated list of Java class names. Each class name is a custom class that implements the com.novell.nds.dirxml.driver.manualtask.CommandHandler interface and handles a custom XDS element. (The handler for <mail> is a built-in handler.)

Additional information about custom handlers is available in Section I.0, Manual Task Service Driver: Custom Element Handlers for the Subscriber Channel.

Publisher Settings

Settings for the Publisher channel are described in this section.

Additional Servlets

If non-blank, this is a whitespace-separated list of Java class names. Each class name is a custom class that extends javax.servlet.http.HttpServlet. Custom servlets can be used to extend the functionality of the Publisher channel Web server.

Additional information about custom servlets is available in Section J.0, Manual Task Service Driver: Custom Servlets for the Publisher Channel.

Subscriber Channel Policies

The configuration of the Subscriber channel policies depends on what a particular installation wants to accomplish with the Manual Task Service Driver. However, there are certain guidelines that might be helpful.

In general, the best place to construct a <mail> element to send to the Subscriber is in the Command Transformation policy. The reason for this is that most DirXML engine processing has been completed by the time commands reach the Command Transformation policy. This means that Create Policies have been processed for add events (allowing vetoing of add events for objects that don't have all the attributes necessary for constructing the e-mail, for example). This also means that modify events for objects without associations have already been converted to add events.

The XSLT style sheet that constructs the e-mail message might or might not need to query eDirectory for additional information.

For example, if the e-mail message is simply a welcome message to a new employee, then the add command can contain all the information necessary: Given Name, Surname, and Internet E-mail Address. This is accomplished by specifying in the Create policy that Given Name, Surname, and Internet E-mail Address are required attributes. This ensures that only add commands that contain the necessary information can reach the Command Transformation.

However, if the e-mail message is a message to the manager of an employee, then the style sheet needs to query eDirectory. The manager DN can be obtained from the add event for the employee's User object, but a query must be made to obtain the manager's e-mail address because that information is an attribute of the manager's User object.

In addition, if e-mail notifications are being generated as the result of modify commands for objects that are associated with the driver, then queries must be made to obtain information not contained in the modify command.

Blocking Commands from Reaching the Subscriber

If e-mail messages are to be generated from events other than add events, then add events must be allowed to reach the Subscriber for those objects that are to be monitored. Allowing add events to reach the Subscriber results in a generated association value being returned to Identity Manager from the Subscriber.

It is important that eDirectory objects to be monitored by the Manual Task Service Driver policies have an association for the Manual Task Service Driver. Only objects that have an association will have delete, rename, and move events reported to the driver. In addition, modify events on objects that do not have an association are converted to add events after the Subscriber channel event transformation.

All other commands (modify, move, rename, and delete) should be blocked by the Command Transformation policy and prevented from reaching the Subscriber. The Subscriber handles only <add> commands and <mail> commands. Other commands result in the Subscriber returning an error.

Generating E-Mail Messages

E-mail messages are sent by the Subscriber in response to receiving a <mail> element that describes the e-mail message to be sent. See Section G.0, Manual Task Service Driver: <mail> Element Reference for a description of the <mail> element and its content.

E-mail messages can be generated in response to any Identity Manager event (add, modify, rename, move, delete).

The replacement data that is supplied with the <message> element children of a <mail> element depends on two primary factors:

  • The template used to generate the message body. Replacement items to be used by the e-mail template appear as children of the <replacement-data> element.

  • The information needed by the Web page templates on the Publisher channel if the e-mail is to result in a response on the Publisher channel. Replacement items to be used by the Web page templates appear as children of the <url-query> element, which is a child of <url-data>, which in turn is a child of <replacement-data>.

If the e-mail message should contain a URL that points to the Publisher channel Web server and is used to solicit information from a user, then the replacement data must contain at least one responder-dn item. The values of the responder-dn items must be the DNs of the User objects of the users to which the message is being sent.

If a query replacement token (see Replacement Data) is used in the template, then the replacement data for the <message> element must contain an item named src-dn, src-entry-id, or association with the appropriate value. An association item can only be used if the eDirectory object to be queried already has an association for the Manual Task Service Driver. The association generated by the Subscriber for unassociated objects cannot be used because it hasn't been written to the eDirectory object when the query takes place.

The <message> element can specify the MIME type of the message body. If the MIME type is specified but a style sheet is not specified (that is, there is no <stylesheet> element child of <message>) then one of two default style sheet names is used. If the MIME type is text/plain, the default style sheet name is process_text_template.xsl. If the MIME type is anything other than text/plain, the default style sheet name is process_template.xsl.

Subscriber Channel E-Mail Templates

E-mail templates are XML documents containing boilerplate and replacement tokens. E-mail templates are used to generate e-mail message body text. See Templates for general information about templates.

The replacement tokens used in an e-mail template dictate the <item> elements that must be supplied as children of the <replacement-data> element that is constructed by the Subscriber channel policy that constructs the <mail> element. For example, if the e-mail template has the replacement token $employee-name$, then there must be an <item name="employee-name"> element in the replacement data for the <message> element. If the employee name item is not present, the resulting e-mail message body has no text in the location occupied by the replacement token in the template.

E-mail templates can be used to generate message bodies that are plain text, HTML, or XML.

If an e-mail template generates a plain text message, it must be processed by a style sheet that specifies plain text as its output type. If the style sheet does not specify plain text as its output type, then undesirable XML escaping will occur. The default Manual Task Service Driver style sheet, process_text_template.xsl, is normally used for processing templates that result in plain text.

Publisher Channel Policies

In most implementations of the Manual Task Service Driver, no Publisher channel policies are needed. This is because it is possible to construct the Web page and XDS templates so that they result in exactly the XDS required, and the XDS need not be further processed by policies.

If policies are required, they will be very specific to an installation.

Publisher Channel Web Page Templates

Web page templates are XML documents containing boilerplate and replacement tokens. Web page templates are used to generate Web page documents (typically HTML documents). See Templates for general information about templates.

Replacement tokens in Web page templates dictate what replacement data is supplied as URL query data on the Subscriber channel. Replacement data on the Publisher channel is obtained from the URL query string for HTTP GET requests and from the URL query string and the POST data for HTTP POST requests.

As an example of the flow of replacement data from the Subscriber channel to the e-mail message and then to the Publisher channel Web server, consider the following scenario.

The Manual Task Service Driver is configured so that a new employee's manager is asked to assign a room number to the new employee. The trigger for the e-mail to the manager is the <add> command for a new User object that is processed by the Subscriber channel Command Transformation policy.

When the manager clicks a URL in the e-mail message, a Web page is displayed in the manager's Web browser. The Web page must indicate for whom the manager is entering a room number.

To accomplish this, the <url-query> element on the Subscriber channel contains a replacement data item that identifies the new user by name:

<item name="subject-name">Joe the Intern</item>

This causes the URL query string to contain (among other things) “subject-name=Joe%20the%20Intern”. (The “%20” is a URL-encoded space.)

The manager's Web browser submits the URL to the Publisher channel Web server when the manager clicks the URL in the e-mail message. The Web server constructs a replacement data item named subject-name with the value Joe the Intern.

The Web page template, which is also specified by the URL, contains a replacement token $subject-name$. When the Web page template is processed by the style sheet to construct the Web page, the replacement token is replaced by Joe the Intern, which customizes the Web page for the employee whose User object creation caused the e-mail to be sent.

For additional information on a complete Subscriber-channel-to-Publisher-channel transaction, see Section H.0, Manual Task Service Driver: Data Flow Scenario for New Employee.

Publisher Channel XDS Templates

XDS templates are XML documents containing boilerplate and replacement tokens. XDS templates are used to generate XDS documents that are submitted to Identity Manager on the Manual Task Service Driver's Publisher channel. See Templates under the Overview section for general information about templates.

Replacement tokens in XDS templates dictate some of the replacement data that is supplied to the Web server as data in an HTTP POST request.

For example, consider the following XDS template:

<nds>
  <input>
    <modify class-name="User" src-dn="not-applicable">
      <association>$association$</association>
      <modify-attr attr-name="roomNumber">
        <remove-all-values/>
        <add-value>
          <value>$room-number$</value>
        </add-value>
      </modify-attr>
    </modify>
  </input>
</nds>

The replacement tokens in the template dictate that the HTTP POST data must supply an association value and a room-number value.

Normally the association value would originate in the Subscriber channel. The Subscriber channel e-mail would place association=some value in the query string of the URL that is placed in the e-mail message. The Web page template used to generate the Web page when the URL is submitted to the Web server would typically place the association value in a hidden INPUT element:

<INPUT TYPE="hidden" NAME="association" VALUE="$association$"/>

Placing the association value as a hidden INPUT element causes the “association=some value” pair to be submitted as part of the HTTP POST data.

The room-number value is entered in the Web page using an INPUT element similar to the following:

<input TYPE="text" NAME="room-number" SIZE="20" MAXLENGTH="20"/>

If the manager enters 1234 and clicks Submit, the Web browser sends “room-number=1234” as part of the HTTP POST data.

The Web server then generates an <item name="association"> replacement data item and an <item name="room-number"> replacement data item, which are used when processing the XDS template.

The XDS document is generated by processing the XDS template with the style sheet specified in the POST data. Then the XDS document is submitted to Identity Manager on the Manual Task Service Driver's Publisher channel.
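The following added example (not code from the driver or from this documentation) traces the replacement data described in the Web page template and XDS template sections: Subscriber items become a query string, the Publisher side rebuilds items from the query string and POST data, and tokens are filled into the two templates shown on this page. The regular-expression substitution with XML escaping stands in for the driver's style sheet processing, and the association value emp-0042 and the POST-over-query precedence are assumptions.

```python
import re
import xml.etree.ElementTree as ET
from urllib.parse import parse_qs, quote, urlencode
from xml.sax.saxutils import escape

TOKEN = re.compile(r"\$([A-Za-z][\w-]*)\$")  # $name$ replacement token

# Template fragments taken from the examples on this page.
WEB_TEMPLATE = (
    '<form method="post"><p>Room number for $subject-name$:</p>'
    '<INPUT TYPE="hidden" NAME="association" VALUE="$association$"/>'
    '<input TYPE="text" NAME="room-number" SIZE="20" MAXLENGTH="20"/></form>'
)
XDS_TEMPLATE = (
    '<nds><input><modify class-name="User" src-dn="not-applicable">'
    '<association>$association$</association>'
    '<modify-attr attr-name="roomNumber"><remove-all-values/>'
    '<add-value><value>$room-number$</value></add-value>'
    '</modify-attr></modify></input></nds>'
)

def build_query(items):
    """Subscriber side: <url-query> items become the URL query string."""
    return urlencode(items, quote_via=quote)  # a space is encoded as %20

def items_from_request(query, post_data=""):
    """Publisher side: replacement data from the query string and POST data.
    Letting POST data win on a name clash is an assumption of this sketch."""
    items = {}
    for source in (query, post_data):
        for name, values in parse_qs(source, keep_blank_values=True).items():
            items[name] = values[0]
    return items

def fill(template, items):
    """Replace each token with its escaped item value; a missing item
    leaves no text. Stands in for the driver's style sheet processing."""
    def value(match):
        return escape(items.get(match.group(1), ""), {'"': "&quot;"})
    return TOKEN.sub(value, template)

def xds_values(xds):
    """Parse a generated XDS document; return (association, roomNumber)."""
    root = ET.fromstring(xds)
    return root.findtext(".//association"), root.findtext(".//value")

# Constructed sample: the association value "emp-0042" is made up.
query = build_query({"subject-name": "Joe the Intern", "association": "emp-0042"})
page = fill(WEB_TEMPLATE, items_from_request(query))
post = "association=emp-0042&room-number=1234"
xds = fill(XDS_TEMPLATE, items_from_request(query, post))
```

Because both the query string and the hidden INPUT value pass through the browser, the escaping in fill() is what keeps a submitted value as text inside the generated Web page and XDS document.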

Trace Settings

The Manual Task Service Driver outputs messages with various trace levels:

| Level | Trace Message Description |
|-------|---------------------------|
| 0 | No trace messages |
| 1 | Single-line messages tracing basic operation |
| 2 | No additional messages (DirXML Engine traces XML documents at this level and above) |
| 3 | No additional messages |
| 4 | Messages relating to document construction from templates and style sheets |
| 5 | Replacement data documents traced |

8.2.4 Additional Information

For additional information on Manual Task Service driver settings, refer to the following appendix sections: