Setting up Workflows with WSO2 Identity Server
What is a Workflow?
A workflow is a sequence of approval steps that a human task must pass through before it is completed.
The workflow feature enables you to add more control and constraints to the tasks executed within it.
Let’s consider a sample use case.
Sample Use Case
Let’s consider an HR person adding a new employee to the company system.
If the company wants, it can let the HR person add a new employee directly to the system.
But normally, when an employee joins the company, the addition has to be approved by a set of administrators. So if the company wants to keep more control and constraints on adding new users (employees) to the system, it can mandate the HR manager’s approval for adding new employees. In this case, even if an HR member adds a new employee to the system, the addition only completes after getting approval from the senior HR manager.
The diagram below shows this approval flow.
- The HR member (Requester) adds the user details and sends a user approval request to the HR manager.
- The HR manager (Approver) checks the pending user approval request and can approve or reject the relevant user add request.
- If the HR manager approves the user add request, the user is added to the system successfully. If the HR manager rejects the request, the user is not added to the system.
This approval flow is a sample workflow.
Try out Workflow Management
In WSO2 Identity Server we can create approval workflows for different human tasks. The following are some of them:
- User creation, modification and deletion
- Role creation, modification and deletion
- Assigning Roles to users
- Assigning users to Roles
- Update the attributes
Now let’s see how to implement the above sample use case with WSO2 Identity Server workflow management.
Prerequisites
- Download the latest WSO2 Identity Server 5.11.0 from here.
- Start WSO2 Identity Server by executing the wso2server.sh (for Unix environments) or wso2server.bat (for Windows environments) file from the <IS_HOME>/bin directory.
Add HR member and HR Manager and assign relevant roles
- Sign in to the Management Console via https://localhost:9443/carbon/.
Add new roles hr_member and hr_manager.
- On the Main menu, click Identity → Users and Roles → Add.
- Then click Add New Role.
- Then enter the role name hr_member and click Finish.
- Then add the hr_manager role as well, using the above three steps.
Add two new users, johny and symond, and assign them the hr_member and hr_manager roles respectively.
- On the Main menu, click Identity → Users and Roles → Add.
- Then click Add New User.
- Then enter johny as the username, set a password for johny, and click Next.
- Then select the Internal/hr_member and Internal/admin roles for user johny and click Finish.
- Following the same steps, add the user symond and assign the Internal/hr_manager and Internal/admin roles to that user.
Now you have two users with the following roles.
- johny → hr_member
- symond → hr_manager
Please refer to this for details about configuring roles & permissions.
Adding a New Workflow Definition
Now let’s see how to add a new Workflow definition.
1. On the Main tab of the Management Console, click Manage → Workflow Definition → Add.
2. Enter a workflow name and description and click Next.
3. To add an approval level, click Add Approval Step.
4. To search for a user role, select the Search Roles radio button and click Search Roles.
5. Then select the check-box associated with the Internal/hr_manager role and click Add Selected Roles.
6. Click Next to move to the next step.
7. Then add the BPS Profile, Task Subject and Task Detail as shown in the image below and click Finish.
Now you will be able to view the workflow definition you just added, by navigating to Workflow Definitions → List under the Manage Section.
Engaging a Workflow in an Operation
Now you need to add the workflow you created to an operation. In our scenario we need to engage the approval workflow for the operation of adding a user.
1. On the Main tab in the Management Console, click Manage → Workflow Engagement → Add.
2. Then fill in the Association Name and select the other required details as given below.
3. Click Add to complete adding the engagement. You can view, disable, or delete the association by navigating to Manage → WorkFlows Engagements → List.
Now that all the configurations are done, when you add a user it will not be displayed under the users section immediately and the user will not be able to log in. The user will be enabled once the user addition task is approved by the hr_manager.
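A separation-of-duties check over the configuration built in the steps above, as an added example (it is not part of the original article and is not WSO2 code). The role assignments and the single approval step are retyped from the walkthrough as constructed data; the function names are hypothetical, and it assumes that the permission to add users comes from Internal/admin, since hr_member and hr_manager were created without selecting any permissions.

```python
# Constructed data mirroring the walkthrough; not exported from a real server.
USER_ROLES = {
    "johny": {"Internal/hr_member", "Internal/admin"},
    "symond": {"Internal/hr_manager", "Internal/admin"},
}
# Assumption: the permission to add users comes from Internal/admin here,
# because hr_member and hr_manager were created without selecting permissions.
SUBMITTER_ROLES = {"Internal/admin"}
# One approval step whose approver role is Internal/hr_manager.
APPROVAL_STEPS = [{"Internal/hr_manager"}]


def holders(user_roles, roles):
    """Return the users that hold at least one of the given roles."""
    return {user for user, held in user_roles.items() if held & roles}


def audit(user_roles, submitter_roles, approval_steps):
    """Return (step, finding, users) tuples for weak approval steps."""
    findings = []
    submitters = holders(user_roles, submitter_roles)
    for step, step_roles in enumerate(approval_steps, start=1):
        approvers = holders(user_roles, step_roles)
        if not approvers:
            findings.append((step, "no-approver", []))
            continue
        overlap = sorted(approvers & submitters)
        if overlap:
            findings.append((step, "can-submit-and-approve", overlap))
        if len(approvers) == 1:
            findings.append((step, "single-approver", sorted(approvers)))
    return findings


def without_role(user_roles, user, role):
    """Copy of the assignments with one role removed from one user."""
    trimmed = {name: set(held) for name, held in user_roles.items()}
    trimmed[user].discard(role)
    return trimmed


if __name__ == "__main__":
    for finding in audit(USER_ROLES, SUBMITTER_ROLES, APPROVAL_STEPS):
        print("as configured:", finding)
    tightened = without_role(USER_ROLES, "symond", "Internal/admin")
    for finding in audit(tightened, SUBMITTER_ROLES, APPROVAL_STEPS):
        print("symond without Internal/admin:", finding)
```

The second run is a what-if comparison of role assignments only; it does not check which roles symond needs in order to sign in and see the Approvals page.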
Managing Human Tasks
Human tasks are the steps that require human interaction in order to allow the process of the operation to proceed.
Let’s follow the steps below to test the add user workflow.
1. Sign in to WSO2 Identity Server as an hr_member by entering johny’s credentials (johny also holds the Internal/admin role).
2. Create a user with the name Kane. After you successfully create the user, it will be greyed out as shown below until a manager approves the addition of the user account.
3. Then access the console URL (https://localhost:9443/console) and sign in as an hr_manager by using symond’s credentials.
4. In the Manage tab, choose Approvals from the left panel.
5. Select the approval task corresponding to the request made for user, Kane.
6. Click Approve to approve the pending task and complete the workflow process.
Now the approval task will change to the Completed state and user Kane will be able to log in to the applications.
We are done! Now it’s your turn. Try it and see.