Table of Contents

Tasks scheduler

The task can be scheduled in three different ways or using three types of triggers:

To run, schedule and review tasks, these interfaces have been created:

* AbstractSchedulableStatefulExecutor - stateful scheduled task. Result is logged for every processed item (see next section).

Task types

Implemented long running tasks are listed below. No schedulable long running tasks are included.

PasswordExpirationWarningTaskExecutor

Sends warning notification before password expires. Notification is not sent to disabled identities. Days before has to be given as task's parameter (number greater than zero). More tasks could be configured, e.g. for sending warning notification 14,7,3 days before password expires. Default notification topic is configured to email sender.

PasswordExpiredTaskExecutor

Sends warning notification after password expires. Notification is not send to disabled identities. Default notification topic is configured to email sender.

AccountProtectionExpirationTaskExecutor

Removes accounts with expired protection interval. Account has to have inProtection flag setted to true.

RetryProvisioningTaskExecutor

Retry failed provisioning operation periodically. When provisioning operation fails, then is logged into provisioning queue with result (state, exception, result code etc.) and new attempt time. Number of attempts is 6 and time between attempts grows (2 mins, 5 mins, 20 mins, 2 hours, 12 hours - configuration coming soon).

ExecuteScriptTaskExecutor

Long running task for execute script by code. Script can increment and initialize counter.

RemoveOldLogsTaskExecutor

Long running task for remove old logging event, logging event exception and logging event property. Parameter remove old logs than (days).

Parameters

ProvisioningQueueTaskExecutor

Process provisioning operations in queue periodically. This LRT executes prepared (created) requests for provisioning, when target system is switched do use asynchronous provisioning.

Parameters

SynchronizationSchedulableTaskExecutor

Schedule synchronization.

Parameters

AddNewAutomaticRoleTaskExecutor

Long running task for add newly added automatic role to users. Can be executed repetitively to assign role to unprocessed identities, after process was stopped or interrupted (e.g. by server restart).

Parameters

RemoveAutomaticRoleTaskExecutor

Long running task for removing automatic roles from identities.

Parameters

AddNewRoleCompositionTaskExecutor

@since 9.0.0

Long running task for adding newly added role compositions to users. Sub roles defined by this composition will be assigned to identities having superior role. Can be executed repetitively to assign unprocessed roles to identities, after process was stopped or interrupted (e.g. by server restart).

Parameters

RemoveRoleCompositionTaskExecutor

@since 9.0.0

Long running task for removing assigned roles by given composition from identities.

Parameters

IdentityContractExpirationTaskExecutor

Remove roles by expired identity contracts (⇒ removes assigned roles).

IdentityRoleExpirationTaskExecutor

Long running task for removing expired identity roles. Expected usage is in cooperation with CronTaskTrigger, running once a day after midnight.

IdentityRoleValidRequestTaskExecutor

When role was created with validity in future, then this executor publish even, when role starts to be valid. This is needed specially for account management, when new account for roles that was newly valid has to be created.

HrEnableContractProcess

@since 7.5.1

HR process - enable identity's contract process. The processes is started for contracts that are both valid (meaning validFrom and validTill) and enabled. This LRT should be configured even event processors for HR processes are enabled - this process depends on current date ⇒ event processors cannot work this way. Event processors checks active changes on given contract.

HrContractExclusionProcess

@since 7.5.1

HR process - identity's contract exclusion. The processes is started for contracts that are both valid (meaning validFrom and validTill) and excluded. This LRT is optional with event processors for HR processes. One of LRT or processors should be enabled / scheduled. If LRT is scheduled and processors are enabled, then this LRT just checks, if everything is done (contract is already excluded by processor).

HrEndContractProcess

@since 7.5.1

HR process - end of identity's contract process. The processes is started for contracts that are not valid (meaning validFrom and validTill). This LRT is optional with event processors for HR processes and IdentityContractExpirationTaskExecutor. One of this LRT or processors with IdentityContractExpirationTaskExecutor should be enabled / scheduled. If this LRT is scheduled and processors with IdentityContractExpirationTaskExecutor are enabled / scheduled, then this LRT just checks, if everything is done (contract is already expired by processor or IdentityContractExpirationTaskExecutor).

SelectCurrentContractSliceTaskExecutor

@since 8.1.0

Recalculate current using slices as contract. Find all slices which should be for actual date using as contract and copy their values to parent contracts.

ChangeConfidentialStorageKey

@since 8.2.0

Change key for crypt confidential storage. Taks can be started after you change key in application properties/file to newer. As parameter will be given old key.

Initializer

By default, the core module implements AbstractScheduledTaskInitializer - InitCoreScheduledTask. This class is responsible for initializing default scheduled tasks. See IdmCoreScheduledTasks.xml for xml structure.

For another module it is necessary to implement the subclass of AbstractScheduledTaskInitializer.

Scheduled task is initialized by type. If exists task with same type as in xml, task will not be initialized.