Self-Registration AS a publicly accessible workflow.
Do-able?

Hi,

I have similar requirements to those expressed by others in search of 
self-registration, but the one thing that either can't be done (or I don't 
know how to do it) is to force a CN to be created by our naming algorithm, 
rather than by some self-registering person's idea of a good CN.  So the 
create Entity portlet seems a bit limited. (If there is a way to use the 
create entity portlet to auto-generate a CN, rather than have the user enter 
it, please clue me in.)

I know how to do this in a workflow, and if it is possible to expose a 
"publicly available" workflow, I would prefer to have users submit
required 
information for requesting an account, and then have the workflow either 
automatically create the account OR route the request to an admin when 
necessary to avoid duplicate accounts.

1.  User (via clicking on a URL) is taken to the publicly accessible 
workflow Request Form.  User fills in basic demographic information, 
including a checkbox on whether they have ever had an account of any kind 
with this institution in the past.
                 1a.  If previous account = no, goto Step 3.
2.  Workflow is routed to administrator to look for pre-existing accounts 
and prevent unnecessary account creation.
                 1b.  If no, go directly
3.  Entity created, CN Generated according to naming convention, and 
self-registered user is notified via e-mail (entered during registration) of 
new account ID, temporary one-time use password, and URL to complete 
registration process, which includes establishing secure password, 
challenge/response questions/answers, etc.
4.  User uses UserApp to request resources as needed.

So the key:  Is it possible to create a publicly accessible workflow?  I can 
link people directly to it from a weblink... I don't want to send them 
through the User App interface to select "Requests/Approvals" and
such.

Rob. 

On 05/05/2008 07:14 PM, Rob.S wrote:

> Hi,
> 
> I have similar requirements to those expressed by others in search of 
> self-registration, but the one thing that either can't be done (or I don't

> know how to do it) is to force a CN to be created by our naming algorithm,

> rather than by some self-registering person's idea of a good CN.  So the 
> create Entity portlet seems a bit limited. (If there is a way to use the 
> create entity portlet to auto-generate a CN, rather than have the user
enter 
> it, please clue me in.)
> 
> I know how to do this in a workflow, and if it is possible to expose a 
> "publicly available" workflow, I would prefer to have users
submit required 
> information for requesting an account, and then have the workflow either 
> automatically create the account OR route the request to an admin when 
> necessary to avoid duplicate accounts.
> 
> 1.  User (via clicking on a URL) is taken to the publicly accessible 
> workflow Request Form.  User fills in basic demographic information, 
> including a checkbox on whether they have ever had an account of any kind 
> with this institution in the past.
>                  1a.  If previous account = no, goto Step 3.
> 2.  Workflow is routed to administrator to look for pre-existing accounts 
> and prevent unnecessary account creation.
>                  1b.  If no, go directly
> 3.  Entity created, CN Generated according to naming convention, and 
> self-registered user is notified via e-mail (entered during registration)
of 
> new account ID, temporary one-time use password, and URL to complete 
> registration process, which includes establishing secure password, 
> challenge/response questions/answers, etc.
> 4.  User uses UserApp to request resources as needed.
> 
> So the key:  Is it possible to create a publicly accessible workflow?  I
can 
> link people directly to it from a weblink... I don't want to send them 
> through the User App interface to select "Requests/Approvals" and
such.
> 
> Rob. 
> 
> 


Don't think so, because by the default for a user to see a workflow to 
make the request they have to have trustee rights to it.

The only way I can see of doing it is to create your own web page that 
would present the forms then call the Provisioning SOAP services to 

I guess the real question is, can a workflow be made accessible without 
authentication?

If it is possible to expose the "Create Entity" portlet, is it
possible to 
expose the "Request Resource" portlet?
Has this idea never come up before?  I would think this is a desireable 
feature for self-registration.

There seem to be some differences between these portlets, as I'm trying to 
follow TID 3002868, but applying it to the "Request Resource" portlet
now 
and seem to be about 90% successful...Or, 0% successful... depending on how 
you look at it. (90% may SEEM right, but since it doesn't work, it counts as 
0%)

I can add the portlet to my custom "Self Registration" shared page,
which I 
can see without logging in.
By default the "Request Resource" portlet (or rather, my newly
registered 
copy of it) is set to not require authentication.
I can't put it into the "Guest" category... that option isn't
available.
It appears to TRY to run when I go to the "Self Registration" page,
but 
tells me there is no resource selected.  I selected one of my workflows 
under "View/Edit Custom Preferences, saved it and saved the portlet

Is this possible?

Rob.

"John DaSilva" <jdasilva@novell.com> wrote in message 
news:MzHTj.9917$Dh4.285@kovat.provo.novell.com...
> On 05/05/2008 07:14 PM, Rob.S wrote:
>
>> Hi,
>>
>> I have similar requirements to those expressed by others in search of 
>> self-registration, but the one thing that either can't be done (or I 
>> don't know how to do it) is to force a CN to be created by our naming 
>> algorithm, rather than by some self-registering person's idea of a good

>> CN.  So the create Entity portlet seems a bit limited. (If there is a
way 
>> to use the create entity portlet to auto-generate a CN, rather than
have 
>> the user enter it, please clue me in.)
>>
>> I know how to do this in a workflow, and if it is possible to expose a

>> "publicly available" workflow, I would prefer to have users
submit 
>> required information for requesting an account, and then have the 
>> workflow either automatically create the account OR route the request
to 
>> an admin when necessary to avoid duplicate accounts.
>>
>> 1.  User (via clicking on a URL) is taken to the publicly accessible 
>> workflow Request Form.  User fills in basic demographic information, 
>> including a checkbox on whether they have ever had an account of any
kind 
>> with this institution in the past.
>>                  1a.  If previous account = no, goto Step 3.
>> 2.  Workflow is routed to administrator to look for pre-existing
accounts 
>> and prevent unnecessary account creation.
>>                  1b.  If no, go directly
>> 3.  Entity created, CN Generated according to naming convention, and 
>> self-registered user is notified via e-mail (entered during
registration) 
>> of new account ID, temporary one-time use password, and URL to complete

>> registration process, which includes establishing secure password, 
>> challenge/response questions/answers, etc.
>> 4.  User uses UserApp to request resources as needed.
>>
>> So the key:  Is it possible to create a publicly accessible workflow? 
I 
>> can link people directly to it from a weblink... I don't want to send 
>> them through the User App interface to select
"Requests/Approvals" and 
>> such.
>>
>> Rob.
>
>
> Don't think so, because by the default for a user to see a workflow to 
> make the request they have to have trustee rights to it.
>
> The only way I can see of doing it is to create your own web page that 
> would present the forms then call the Provisioning SOAP services to start 
> the workflow. 

As for trustees, wouldn't giving "Guest" as specified in the UAConfig)

trusteeship be the way to get a trustee on the workflow?

R.


"John DaSilva" <jdasilva@novell.com> wrote in message 
news:MzHTj.9917$Dh4.285@kovat.provo.novell.com...
> On 05/05/2008 07:14 PM, Rob.S wrote:
>
>> Hi,
>>
>> I have similar requirements to those expressed by others in search of 
>> self-registration, but the one thing that either can't be done (or I 
>> don't know how to do it) is to force a CN to be created by our naming 
>> algorithm, rather than by some self-registering person's idea of a good

>> CN.  So the create Entity portlet seems a bit limited. (If there is a
way 
>> to use the create entity portlet to auto-generate a CN, rather than
have 
>> the user enter it, please clue me in.)
>>
>> I know how to do this in a workflow, and if it is possible to expose a

>> "publicly available" workflow, I would prefer to have users
submit 
>> required information for requesting an account, and then have the 
>> workflow either automatically create the account OR route the request
to 
>> an admin when necessary to avoid duplicate accounts.
>>
>> 1.  User (via clicking on a URL) is taken to the publicly accessible 
>> workflow Request Form.  User fills in basic demographic information, 
>> including a checkbox on whether they have ever had an account of any
kind 
>> with this institution in the past.
>>                  1a.  If previous account = no, goto Step 3.
>> 2.  Workflow is routed to administrator to look for pre-existing
accounts 
>> and prevent unnecessary account creation.
>>                  1b.  If no, go directly
>> 3.  Entity created, CN Generated according to naming convention, and 
>> self-registered user is notified via e-mail (entered during
registration) 
>> of new account ID, temporary one-time use password, and URL to complete

>> registration process, which includes establishing secure password, 
>> challenge/response questions/answers, etc.
>> 4.  User uses UserApp to request resources as needed.
>>
>> So the key:  Is it possible to create a publicly accessible workflow? 
I 
>> can link people directly to it from a weblink... I don't want to send 
>> them through the User App interface to select
"Requests/Approvals" and 
>> such.
>>
>> Rob.
>
>
> Don't think so, because by the default for a user to see a workflow to 
> make the request they have to have trustee rights to it.
>
> The only way I can see of doing it is to create your own web page that 
> would present the forms then call the Provisioning SOAP services to start 
> the workflow. 

On 05/05/2008 09:07 PM, Rob.S wrote:

> I guess the real question is, can a workflow be made accessible without 
> authentication?
> 
> If it is possible to expose the "Create Entity" portlet, is it
possible to 
> expose the "Request Resource" portlet?
> Has this idea never come up before?  I would think this is a desireable 
> feature for self-registration.
> 
> There seem to be some differences between these portlets, as I'm trying to

> follow TID 3002868, but applying it to the "Request Resource"
portlet now 
> and seem to be about 90% successful...Or, 0% successful... depending on how

> you look at it. (90% may SEEM right, but since it doesn't work, it counts
as 
> 0%)
> 
> I can add the portlet to my custom "Self Registration" shared
page, which I 
> can see without logging in.
> By default the "Request Resource" portlet (or rather, my newly
registered 
> copy of it) is set to not require authentication.
> I can't put it into the "Guest" category... that option isn't
available.
> It appears to TRY to run when I go to the "Self Registration"
page, but 
> tells me there is no resource selected.  I selected one of my workflows 
> under "View/Edit Custom Preferences, saved it and saved the portlet
> 
> Is this possible?
> 
> Rob.
> 



Request Resource is not a portlet. So I don't see what you are changing