SSPR Error - Issue with Custom Workflow

    Question

  • So I have created a custom workflow which is an Action Type

    activity has

    Destination: //Target/otpvalue

    and below I have mentioned Number = 1

    What basically I am trying to do is to change the attribute "otpvalue" from 0 to 1 after the password reset workflow is complete.

    I then went into MPR "Anonymous users can reset their password" --> Policy Workflow and under "Actions Workflow" ticked the new workflow.

    When a user tries to reset password now, the value does change for the "otpvalue" but get the error "Unable to reset password" at the "set new password page"

    When this workflow is removed.. reset works fine..

    What can be the issue here? Can't see any issue in "Search Requests" section as well .. On a side note, how do you change the timestamp there? Probably showing UTC and not local timestamp..

    I created this attribute in FIM Portal.. and the password reset flows to AD which does not have this attribute (dev env.. just testing around).. but I guess this workflow is trying to write this value and trying to look it up in AD as well? (although it is not mapped in the MA)

    Thanks


    • Edited by FIM N00b Monday, October 28, 2013 2:29 AM
    Monday, October 28, 2013 2:29 AM

All replies

  • Hi,

    I am aware that using a Custom workflow activity is more efficient than using a Rule extension or any other approach which is not OTB. But I have an easier solution for you.

    See, what I understand from your post is that you want to update an attribute if the user is successfully able to reset the password. This you can do by using an Active Directory attribute. There is an AD attribute named "PWDLASTSET" which gets updated with the date when the user last reset his/her password. You can import this attribute into FIM and, based on this attribute, you can perform any action by using it in SETS, Rule Extension, etc.

    And one more thing: always use Universal Time stamp in the FIM coding part.

    I hope this will help you.

      


    Thanks~ Giriraj Singh Bhamu


    Monday, October 28, 2013 1:47 PM
  • No. that is not my intention at all..

    there is a particular business reason I am doing this and will not the way pwdlastset will work..

    Monday, October 28, 2013 8:46 PM
  • Have you tried adding your activity to the end of the AuthN workflow? Make sure you set the Actor ID in the building block activities to the guid of the fim service.

    Thanks, Brian

    Tuesday, October 29, 2013 6:09 AM
  • Hi Brian

    For the Password Reset AuthN Workflow , could not see any activity with Function Evaluator (which is stamping the attribute). So I created a new Action workflow called "Stamp Attribute" and created an activity there..

    Then I edited "Anonymous users can reset their password" and under Policy Workflows --> Action Workflow --> Ticked the activity "Stamp Attribute" .. Another one ticked under it is "Password Reset Action Workflow"

    Was that the right way to do it?

    "Make sure you set the Actor ID in the building block activities to the guid of the fim service."

    ^^ Not sure what you mean by that? Could you give steps where to do this?

    Thanks

    Tuesday, October 29, 2013 9:01 PM
  • Go in your Activity Configuration definition in the FIM portal and check the Authentication box on your activity and do an iisreset and it should show up.

    There's an Actor ID property on the building block activities in Visual Studio. You want the FIM service one for this - http://www.identitychaos.com/2010/08/fim-2010-well-known-guids.html.


    Thanks, Brian

    Tuesday, October 29, 2013 9:03 PM
  • I have not used Visual Studio to create this activity.. it is a simple function evaluator one?? The link didn't open

    Where do I find "Activity Configuration definition in the FIM portal" .. under Administration Page?

    Ta

    Tuesday, October 29, 2013 9:09 PM
  • Oh I missed that.

    Yes go to Administration>All Resources>Activity Info Config.

    This might not work with the function evaluator in this context - we'll see.


    Thanks, Brian

    Tuesday, October 29, 2013 9:11 PM

  • I cannot see the one which I created under workflows..

    Edit the default "Function Evaluator" ?

    Also you are suggesting to "Go in your Activity Configuration definition in the FIM portal and check the Authentication box on your activity"

    Tuesday, October 29, 2013 9:15 PM
  • Yes, edit the Function Evaluator Activity Config and tick the Authentication box. You'll need to do an iisreset and then it should show up in your AuthN workflow designer.

    Thanks, Brian

    Tuesday, October 29, 2013 9:16 PM
  • Have done that but wondering why? It is an action I am doing (stamping an attribute after an authentication of user is done).. and it does show up there already and is ticked.. but the overall process of reset does not work

    Tuesday, October 29, 2013 9:21 PM
  • I'm not sure then, offhand. You can crank up tracing in the FIM Service as a start and see if you can determine what the issue is. See this for directions - http://social.technet.microsoft.com/wiki/contents/articles/10225.how-to-enable-fim-service-tracing.aspx.

    Also directions for tracing on the client side: http://setspn.blogspot.com/2010/09/fim-2010-sspr-client-extension-advanced.html


    Thanks, Brian

    Tuesday, October 29, 2013 9:23 PM