Why I dislike Active Sync Input Forms

By Mr. I | Published: December 1, 2009

If you haven’t guessed I really dislike using active sync input forms in Sun Identity Manager.  I don’t feel they offer any value to the IDM developer. First, active sync workflows are generally faster to execute than active sync input forms.  This is because the checking in and out of the user view is in the control workflow.  You can check out the view with as little processing as you want.

Also, there is no correlation and confirmation rule execution with an active sync workflow, you have to match a user up yourself.  This can create more work for you when you develop the workflow but I don’t find it to be any more work than creating a confirmation or correlation rule in the first place.  The lack of correlation / confirmation rule execution also speeds things up.

Finally, and in my opinion the most important reason to not use active sync input forms, is the conceptual simplicity of the active sync workflow.  There’s really nothing to the workflow initially, IDM creates the activeSync variable and passes it off to the workflow.  That’s it.  There’s no other processing done by IDM.  It’s up to the developer to do the work of determining the event type, correlating the event to a user if one exists, performing the updates, checking in, checking out, etc.  In my opinion, this is only slightly more work (in terms of development) than implementing an input form and the amount of extra control you gain by using a workflow over a form is tremendous. Want to send a notification email on account creation but not updates and only on Sundays?  No problem, the workflow can handle is beautifully.  Want to make a call to a custom Java class to call a web service on a third party server?  The workflow can do that too.  The downside is the extra effort in creating a complex workflow.

Now it could be argued that the input form, correlation / confirmation rules, pre and post workflows provide the same features as using a single active sync workflow.   I won’t disagree, it can be done, it’s just really ugly, difficult to maintain and does not easily to adapt to changes.  Maybe I’m just a control freak but I can’t see why active sync input forms are there at all.

I feel the use of the input form with active sync in Sun IDM is an over-engineered solution that creates more complexity in terms of simply understanding what is going on when the most simple one, the workflow, worked very well.

This entry was posted in Sun Identity Manager and tagged , , , . Bookmark the permalink. Post a comment or leave a trackback: Trackback URL.

2 Comments

  1. JB
    Posted March 11, 2010 at 12:01 pm | Permalink

    So do you just call viewOptions.Process in your activesync form?

    Reply
    • Mr. I
      Posted March 11, 2010 at 1:18 pm | Permalink

      No. In the synchronization policy you can select a process rule. The value is either a rule that returns the name of a workflow to run during active sync or the name of the workflow itself. If you define one of those rules then the option to select an active sync form disappears. When active sync runs the workflow is executed with the activeSync.* namespace populated with your resource adapter’s values.

      Reply

Post a Comment

Your email is never published nor shared. Required fields are marked *

*
*

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>



  • Will you upgrade to the next version of Sun IDM given the recent Oracle acquisition?

    View Results

    Loading ... Loading ...