Setting up Workflows with WSO2 Identity Server

Udesh Athukorala
5 min read | Jun 30, 2022

What is a Workflow?

A workflow is a sequence of approval processes that a human task must go through before it is completed.

The workflow feature enables you to add more control and constraints to the tasks executed within it.

Let’s consider a sample use case.

Sample Use Case

Let’s consider an HR person adding a new employee to the company system.

If the company wants, it can let the HR person add a new employee directly to the system.

But normally, when an employee joins the company, the addition has to be approved by a set of administrators. So if the company wants to keep more control and constraints on adding new users (employees) to the system, it can mandate the HR manager’s approval for adding new employees. In this case, even when an HR member adds a new employee to the system, the addition is completed only after the senior HR manager approves it.

The diagram below shows this approval flow.

Sample Approval Flow
  1. The HR member (requester) adds the user details and sends a user approval request to the HR manager.
  2. The HR manager (approver) checks the pending user approval request and can approve or reject it.
  3. If the HR manager approves the request, the user is added to the system. If the HR manager rejects the request, the user is not added to the system.

This approval flow is a sample workflow.

Try out Workflow Management

In WSO2 Identity Server we can create approval workflows for different human tasks. The following are some of them:

  • User creation, modification and deletion
  • Role creation, modification and deletion
  • Assigning Roles to users
  • Assigning users to Roles
  • Update the attributes

Now let’s see how to implement the above sample use case with WSO2 Identity Server workflow management.

Prerequisites

  • Download the latest WSO2 Identity Server 5.11.0 from here.
  • Start WSO2 Identity Server by executing the wso2server.sh (for Unix environments) or wso2server.bat (for Windows environments) file from the <IS_HOME>/bin directory.

Add HR member and HR Manager and assign relevant roles

  1. Sign in to the Management Console via https://localhost:9443/carbon/.

Add the new roles hr_member and hr_manager.

  1. On the Main menu, click Identity > Users and Roles > Add.
  2. Then click Add New Role.
  3. Then enter the role name hr_member and click Finish.
  4. Then add the hr_manager role using the same three steps.

Add two new users, johny and symond, and assign them the hr_member and hr_manager roles respectively.

  1. On the Main menu, click Identity > Users and Roles > Add.
  2. Then click Add New User.
  3. Then enter johny as the username, set a password for johny, and click Next.
  4. Then select the Internal/hr_member and Internal/admin roles for user johny and click Finish.
  5. Following the same steps, add user symond and assign him the Internal/hr_manager and Internal/admin roles.

Now you have two users with the following roles.

  • johny: hr_member
  • symond: hr_manager

Please refer to this for details about configuring roles and permissions.

Adding a New Workflow Definition

Now let’s see how to add a new workflow definition.

  1. On the Main tab of the Management Console, click Manage > Workflow Definition > Add.
  2. Enter a workflow name and description and click Next.
  3. To add an approval level, click Add Approval Step.
  4. To search for a user role, select the Search Roles radio button and click Search Roles.
  5. Then select the check-box associated with the Internal/hr_manager role and click Add Selected Roles.
  6. Click Next to move to the next step.
  7. Then add the BPS Profile, Task Subject and Task Detail as in the image below and click Finish.

Now you will be able to view the workflow definition you just added, by navigating to Workflow Definitions List under the Manage Section.

Engaging a Workflow in an Operation

Now you need to add the workflow you created to an operation. In our scenario we need to engage the approval workflow for the operation of adding a user.

  1. On the Main tab in the Management Console, click Manage > Workflow Engagement > Add.
  2. Then fill in the Association Name and select the other required details as given below.
  3. Click Add to complete adding the engagement. You can view, disable, or delete the association by navigating to Manage > Workflow Engagements > List.

Now that all the configurations are done, when you add a user it will not be displayed under the users section immediately and the user will not be able to login. The user will be enabled once the user addition task is approved by the hr_manager.

Managing Human Tasks

Human tasks are the steps that require human interaction in order to allow the process of the operation to proceed.

Let’s follow the steps below to test the add user workflow.

  1. Sign in to WSO2 Identity Server as an hr_member by entering johny’s credentials (johny holds the Internal/admin role assigned earlier).
  2. Create a user with the name Kane. After you successfully create the user, it will be greyed out as shown below until a manager approves the addition of the user account.
  3. Then access the console URL (https://localhost:9443/console) and sign in as an hr_manager by using symond’s credentials.
  4. In the Manage tab, choose Approvals from the left panel.
  5. Select the approval task corresponding to the request made for user Kane.
  6. Click Approve to approve the pending task and complete the workflow process.

Now the approval task will change to the Completed state and user Kane will be able to log in to the applications.
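The approval gate configured and tested above, sketched as an added example: this is a simplified model written for this article's flow, not WSO2 Identity Server code, and the class and method names are hypothetical. It goes slightly beyond the single-step case by allowing several approval steps, each naming the roles allowed to decide it.

```python
from dataclasses import dataclass

@dataclass
class AddUserRequest:
    username: str
    requester: str
    step: int = 0            # index of the approval step awaiting a decision
    state: str = "PENDING"   # PENDING -> APPROVED or REJECTED

class ApprovalWorkflow:
    """Constructed model; each approval step is the set of roles allowed to decide it."""

    def __init__(self, steps, roles_of):
        self.steps = steps         # e.g. [{"Internal/hr_manager"}]
        self.roles_of = roles_of   # username -> set of role names
        self.requests = {}         # add-user requests keyed by new username
        self.active_users = set()  # accounts that exist and may log in

    def request_add_user(self, requester, username):
        # Step 1: the requester submits the user; nothing is activated yet.
        self.requests[username] = AddUserRequest(username, requester)
        return self.requests[username].state

    def decide(self, approver, username, approve):
        req = self.requests[username]
        if req.state != "PENDING":
            raise ValueError("request already decided")
        # Step 2: only a holder of a role named in the current step may decide.
        if not self.roles_of.get(approver, set()) & self.steps[req.step]:
            raise PermissionError(f"{approver} holds no role for this step")
        # Step 3: a rejection ends the request; the final approval activates the user.
        if not approve:
            req.state = "REJECTED"
        elif req.step + 1 < len(self.steps):
            req.step += 1
        else:
            req.state = "APPROVED"
            self.active_users.add(username)
        return req.state

    def can_login(self, username):
        return username in self.active_users

ROLES = {  # the two users created earlier on this page
    "johny": {"Internal/hr_member", "Internal/admin"},
    "symond": {"Internal/hr_manager", "Internal/admin"},
}
```

With `ApprovalWorkflow([{"Internal/hr_manager"}], ROLES)`, a request from johny for Kane stays pending and `can_login("Kane")` is false until symond approves it; an attempt by johny to decide the request raises `PermissionError`.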

We are done! Now it’s your turn. Try it and see.

Udesh Athukorala

Software Engineer @ WSO2 | CSE Undergraduate @ University of Moratuwa