kuali edoclite and grouper for access forms workflow at penn 9-nov-2010, kuali days chris hyzer,...
TRANSCRIPT
![Page 1: Kuali eDoclite and Grouper for access forms workflow at Penn 9-Nov-2010, Kuali Days Chris Hyzer, University of Pennsylvania developer](https://reader030.vdocument.in/reader030/viewer/2022032803/56649e205503460f94b0bede/html5/thumbnails/1.jpg)
Kuali eDoclite and Grouper for access Kuali eDoclite and Grouper for access forms workflow at Pennforms workflow at Penn
9-Nov-2010, Kuali DaysChris Hyzer, University of Pennsylvania developer
![Page 2: Kuali eDoclite and Grouper for access forms workflow at Penn 9-Nov-2010, Kuali Days Chris Hyzer, University of Pennsylvania developer](https://reader030.vdocument.in/reader030/viewer/2022032803/56649e205503460f94b0bede/html5/thumbnails/2.jpg)
• eForms description• Integration with Grouper• Demo• Making an eForm• Production deployment• Future plans• Customizations• Documentation contributions• Wishlist
2 – 04/19/23, © 2009 Internet2
AgendaAgenda
![Page 3: Kuali eDoclite and Grouper for access forms workflow at Penn 9-Nov-2010, Kuali Days Chris Hyzer, University of Pennsylvania developer](https://reader030.vdocument.in/reader030/viewer/2022032803/56649e205503460f94b0bede/html5/thumbnails/3.jpg)
eForms descriptioneForms description
![Page 4: Kuali eDoclite and Grouper for access forms workflow at Penn 9-Nov-2010, Kuali Days Chris Hyzer, University of Pennsylvania developer](https://reader030.vdocument.in/reader030/viewer/2022032803/56649e205503460f94b0bede/html5/thumbnails/4.jpg)
• In 2009 Penn wanted to convert paper access management forms to eForms
4 – 04/19/23, © 2009 Internet2
Paper form screenshotPaper form screenshot
![Page 5: Kuali eDoclite and Grouper for access forms workflow at Penn 9-Nov-2010, Kuali Days Chris Hyzer, University of Pennsylvania developer](https://reader030.vdocument.in/reader030/viewer/2022032803/56649e205503460f94b0bede/html5/thumbnails/5.jpg)
5 – 04/19/23, © 2009 Internet2
Paper form screenshot (continued)Paper form screenshot (continued)
![Page 6: Kuali eDoclite and Grouper for access forms workflow at Penn 9-Nov-2010, Kuali Days Chris Hyzer, University of Pennsylvania developer](https://reader030.vdocument.in/reader030/viewer/2022032803/56649e205503460f94b0bede/html5/thumbnails/6.jpg)
6 – 04/19/23, © 2009 Internet2
Paper form screenshot (continued)Paper form screenshot (continued)
![Page 7: Kuali eDoclite and Grouper for access forms workflow at Penn 9-Nov-2010, Kuali Days Chris Hyzer, University of Pennsylvania developer](https://reader030.vdocument.in/reader030/viewer/2022032803/56649e205503460f94b0bede/html5/thumbnails/7.jpg)
7 – 04/19/23, © 2009 Internet2
Paper form screenshot (continued)Paper form screenshot (continued)
![Page 8: Kuali eDoclite and Grouper for access forms workflow at Penn 9-Nov-2010, Kuali Days Chris Hyzer, University of Pennsylvania developer](https://reader030.vdocument.in/reader030/viewer/2022032803/56649e205503460f94b0bede/html5/thumbnails/8.jpg)
8 – 04/19/23, © 2009 Internet2
Paper form screenshot (continued)Paper form screenshot (continued)
![Page 9: Kuali eDoclite and Grouper for access forms workflow at Penn 9-Nov-2010, Kuali Days Chris Hyzer, University of Pennsylvania developer](https://reader030.vdocument.in/reader030/viewer/2022032803/56649e205503460f94b0bede/html5/thumbnails/9.jpg)
9 – 04/19/23, © 2009 Internet2
Paper form existing listPaper form existing list
![Page 10: Kuali eDoclite and Grouper for access forms workflow at Penn 9-Nov-2010, Kuali Days Chris Hyzer, University of Pennsylvania developer](https://reader030.vdocument.in/reader030/viewer/2022032803/56649e205503460f94b0bede/html5/thumbnails/10.jpg)
• Autofill personal information• Common includes (privacy statement)• Fill out form on behalf of someone else• Org chart picker for data access• Person picker from group (employee)• Notification to requester when complete• Report on form data• Should require no Java to create forms
10 – 04/19/23, © 2009 Internet2
RequirementsRequirements
![Page 11: Kuali eDoclite and Grouper for access forms workflow at Penn 9-Nov-2010, Kuali Days Chris Hyzer, University of Pennsylvania developer](https://reader030.vdocument.in/reader030/viewer/2022032803/56649e205503460f94b0bede/html5/thumbnails/11.jpg)
• Route to members of Grouper group• Route to selected group (pick school)• Ability to return to previous route node• Route to multiple groups at once• Conditional routing• Dynamic routing to someone entered on
form
11 – 04/19/23, © 2009 Internet2
Routing requirementsRouting requirements
![Page 12: Kuali eDoclite and Grouper for access forms workflow at Penn 9-Nov-2010, Kuali Days Chris Hyzer, University of Pennsylvania developer](https://reader030.vdocument.in/reader030/viewer/2022032803/56649e205503460f94b0bede/html5/thumbnails/12.jpg)
• Submitters can see current and past forms
• Approvers can see current and past forms
• Certain people can edit certain forms
12 – 04/19/23, © 2009 Internet2
Security requirementsSecurity requirements
![Page 13: Kuali eDoclite and Grouper for access forms workflow at Penn 9-Nov-2010, Kuali Days Chris Hyzer, University of Pennsylvania developer](https://reader030.vdocument.in/reader030/viewer/2022032803/56649e205503460f94b0bede/html5/thumbnails/13.jpg)
• Not a current Kuali customer (will be with OLE Library system)
• Integrate Rice with Grouper (yummy)– 2, 3, 4 on google for “rice grouper”
• Use eDoclite• If gaps:
– Ajax (haven’t had to do this yet, but will)– External picker screens– Java customizations, e.g. post processors
• Meets the requirements
13 – 04/19/23, © 2009 Internet2
DesignDesign
![Page 14: Kuali eDoclite and Grouper for access forms workflow at Penn 9-Nov-2010, Kuali Days Chris Hyzer, University of Pennsylvania developer](https://reader030.vdocument.in/reader030/viewer/2022032803/56649e205503460f94b0bede/html5/thumbnails/14.jpg)
Rice and Grouper integrationRice and Grouper integration
![Page 15: Kuali eDoclite and Grouper for access forms workflow at Penn 9-Nov-2010, Kuali Days Chris Hyzer, University of Pennsylvania developer](https://reader030.vdocument.in/reader030/viewer/2022032803/56649e205503460f94b0bede/html5/thumbnails/15.jpg)
15 – 04/19/23, © 2009 Internet2
Kuali RiceKuali Rice•Middleware used by other Kuali and non-Kuali products•KIM: Kuali Identity Management•KSB: Kuali service bus•KEN: Kuali enterprise notification•KEW: Kuali enterprise workflow•Components
•UI•SOAP web services•Web framework•eDocLite: declarative workflow applications
![Page 16: Kuali eDoclite and Grouper for access forms workflow at Penn 9-Nov-2010, Kuali Days Chris Hyzer, University of Pennsylvania developer](https://reader030.vdocument.in/reader030/viewer/2022032803/56649e205503460f94b0bede/html5/thumbnails/16.jpg)
16 – 04/19/23, © 2009 Internet2
Internet2 GrouperInternet2 Grouper•Access management middleware•Central groups and permissions store•Components
•UI•SOAP/Rest web services•Loader to load groups from source systems•Provisioning e.g. to LDAP or XMPP•Lightweight Java client
![Page 17: Kuali eDoclite and Grouper for access forms workflow at Penn 9-Nov-2010, Kuali Days Chris Hyzer, University of Pennsylvania developer](https://reader030.vdocument.in/reader030/viewer/2022032803/56649e205503460f94b0bede/html5/thumbnails/17.jpg)
17 – 04/19/23, © 2009 Internet2
Internet2 Grouper advanced featuresInternet2 Grouper advanced features•Delegated privileges•Adhoc groups based on loaded groups (includes/excludes)•Composite groups: union, intersection, minus (e.g. require employee)•UI screen for simple group management (customizable, skinnable)•New in next release
•Rules, e.g. email when membership list changes, auto-deprovision•Point in time auditing, e.g. what groups has someone been in, who was a member 6 months ago•Manage federated members
![Page 18: Kuali eDoclite and Grouper for access forms workflow at Penn 9-Nov-2010, Kuali Days Chris Hyzer, University of Pennsylvania developer](https://reader030.vdocument.in/reader030/viewer/2022032803/56649e205503460f94b0bede/html5/thumbnails/18.jpg)
18 – 04/19/23, © 2009 Internet2
Kuali Rice overridable servicesKuali Rice overridable services•Group service
•getMembers, hasMember, assignMember, etc•Identity service
•getPersonById, getPersonByPrincipal, etc•Permissions service•etc
![Page 19: Kuali eDoclite and Grouper for access forms workflow at Penn 9-Nov-2010, Kuali Days Chris Hyzer, University of Pennsylvania developer](https://reader030.vdocument.in/reader030/viewer/2022032803/56649e205503460f94b0bede/html5/thumbnails/19.jpg)
19 – 04/19/23, © 2009 Internet2
How to connect Rice to Grouper?How to connect Rice to Grouper?•Add two jars to Rice (grouperRice.jar and grouperClient.jar)•Add and configure grouper.client.properties•Configure Rice spring override to group and/or identity service•Setup a Grouper folder for the “Rice root”
![Page 20: Kuali eDoclite and Grouper for access forms workflow at Penn 9-Nov-2010, Kuali Days Chris Hyzer, University of Pennsylvania developer](https://reader030.vdocument.in/reader030/viewer/2022032803/56649e205503460f94b0bede/html5/thumbnails/20.jpg)
20 – 04/19/23, © 2009 Internet2
Kuali Rice overridable servicesKuali Rice overridable services
Ricerequest
grouperRice.jar
Kuali DB
Rice server
GrouperRegistry
Grouper WS server
Grouper.client.properties
grouperClient.jar
![Page 21: Kuali eDoclite and Grouper for access forms workflow at Penn 9-Nov-2010, Kuali Days Chris Hyzer, University of Pennsylvania developer](https://reader030.vdocument.in/reader030/viewer/2022032803/56649e205503460f94b0bede/html5/thumbnails/21.jpg)
21 – 04/19/23, © 2009 Internet2
Grouper clientGrouper client
•One jar (no conflicts with existing libraries)•Supports all of Grouper WS API•Command line examplejava –jar grouperClient.jar --operation=hasMemberWs --groupName=aStem:aGroup --subjectIds=1234567
•Java library examplenew GcHasMember().assignGroupName("aStem:aGroup") .addSubjectId("1234567").execute();
Grouper WS serverGrouper.client.properties
grouperClient.jar
REST
LDAP
![Page 22: Kuali eDoclite and Grouper for access forms workflow at Penn 9-Nov-2010, Kuali Days Chris Hyzer, University of Pennsylvania developer](https://reader030.vdocument.in/reader030/viewer/2022032803/56649e205503460f94b0bede/html5/thumbnails/22.jpg)
22 – 04/19/23, © 2009 Internet2
Grouper client continuedGrouper client continued•The debug flag shows XML (useful for examples)
![Page 23: Kuali eDoclite and Grouper for access forms workflow at Penn 9-Nov-2010, Kuali Days Chris Hyzer, University of Pennsylvania developer](https://reader030.vdocument.in/reader030/viewer/2022032803/56649e205503460f94b0bede/html5/thumbnails/23.jpg)
23 – 04/19/23, © 2009 Internet2
Grouper client continuedGrouper client continued
![Page 24: Kuali eDoclite and Grouper for access forms workflow at Penn 9-Nov-2010, Kuali Days Chris Hyzer, University of Pennsylvania developer](https://reader030.vdocument.in/reader030/viewer/2022032803/56649e205503460f94b0bede/html5/thumbnails/24.jpg)
24 – 04/19/23, © 2009 Internet2
eForms workflow with GroupereForms workflow with GrouperInitiator fills out form
GrouperRegistry
Kuali DB
Get members to route to and emails
Grouper WS
Routes to approver group
Routes to approver groupN
Final Add a member to a Grouper group/role and/or assign permissions
On login to Rice, get subject details
Archive the document data, and workflow history
One in groupapproves
1
3
4
5
Grouper UI
Person / org pickers2
![Page 25: Kuali eDoclite and Grouper for access forms workflow at Penn 9-Nov-2010, Kuali Days Chris Hyzer, University of Pennsylvania developer](https://reader030.vdocument.in/reader030/viewer/2022032803/56649e205503460f94b0bede/html5/thumbnails/25.jpg)
25 – 04/19/23, © 2009 Internet2
KIM and Grouper differencesKIM and Grouper differences•KIM uses incrementor IDs and Grouper uses UUIDs
•Handled by not using any groups originating in Rice•KIM has a name for a group. Grouper has two names for a group, a system name, and a friendly name
•Handled by only using the system name•KIM services are largely driven by ID, the Grouper client generally used system name
•In Grouper 1.6, all client operations can use UUID •KIM has no namespace on subjects, Grouper has one level deep namespace for subjects (sourceId)
•Concatenate sourceId::::subjectId, e.g. pennperson::::12345678•KIM groups have active flags, not Grouper
•Inactive groups stored to grouper throw an exception
![Page 26: Kuali eDoclite and Grouper for access forms workflow at Penn 9-Nov-2010, Kuali Days Chris Hyzer, University of Pennsylvania developer](https://reader030.vdocument.in/reader030/viewer/2022032803/56649e205503460f94b0bede/html5/thumbnails/26.jpg)
26 – 04/19/23, © 2009 Internet2
KIM and Grouper differences (continued)KIM and Grouper differences (continued)•KIM has one level deep namespace on Groups
•Designate “KIM” root folder in Grouper, which has one level deep folders inside, and groups in those folders
•KIM group desc is 4000 chars, Grouper is 1024 chars•Descriptions > 1024 will be abbrev to 1024 (with ellipses)
•KIM has operations for adding or updating a group. Grouper can add, update, or add_or_update a group
•The grouper add_or_update will not be used•KIM has operation to select multiple groups by ID
•This was added in Grouper•KIM has lookupIds method for criteria to return groupIds
•This is not [yet] implemented in Grouper •KIM can get groups for a subject only in one folder
•Grouper client and WS were enhanced to support this•KIM gets all or direct or indirect groups for a subject
•Grouper client and WS were enhanced to support this
![Page 27: Kuali eDoclite and Grouper for access forms workflow at Penn 9-Nov-2010, Kuali Days Chris Hyzer, University of Pennsylvania developer](https://reader030.vdocument.in/reader030/viewer/2022032803/56649e205503460f94b0bede/html5/thumbnails/27.jpg)
27 – 04/19/23, © 2009 Internet2
KIM and Grouper differences (continued)KIM and Grouper differences (continued)•Kim gets immediate / non immediate members of group
•Grouper client and WS were enhanced to support this•KIM gets groups or people which are members of group
•Grouper client and WS were enhanced to support this•Kim could get the memberships of a group
•Grouper client and WS were enhanced to support this•Kim can create new groups in new namespaces
•Grouper added param "createParentStemsIfNotExist"•Kim caches group information for 30 seconds
•There is a 30 second propagation delay from Grouper to Kim•KIM has principalName, Grouper has subjectIdentifiers
•Configure attribute that is identifier for each applicable source in grouper.client.properties. Note not concatenated with the sourceId so it matches the principalName from the authn service
![Page 28: Kuali eDoclite and Grouper for access forms workflow at Penn 9-Nov-2010, Kuali Days Chris Hyzer, University of Pennsylvania developer](https://reader030.vdocument.in/reader030/viewer/2022032803/56649e205503460f94b0bede/html5/thumbnails/28.jpg)
28 – 04/19/23, © 2009 Internet2
KIM and Grouper differences (continued)KIM and Grouper differences (continued)•KIM has principalId, the id of the principalName
•Grouper connector will use sourceId::::subjectIdentifier.•KIM has phone numbers, affiliations, etc.
•Grouper subjects have id, name, description and attributes. The connector assumes you configure at least the name, subjectIdentifier (principalName), and email address. Other stuff
will be blank in Kuali. •KIM has first, middle, and last name, Grouper has name.
•The connector splits the name into first, middle, and last•Kuali can have multiple names
•Grouper connector will set only one name per subject•Methods like getPrincipalByPrincipalNameAndPassword() are not applicable in Grouper and throw unimplemented exception•Others like search by params, are unimplemented, return no results.
![Page 29: Kuali eDoclite and Grouper for access forms workflow at Penn 9-Nov-2010, Kuali Days Chris Hyzer, University of Pennsylvania developer](https://reader030.vdocument.in/reader030/viewer/2022032803/56649e205503460f94b0bede/html5/thumbnails/29.jpg)
29 – 04/19/23, © 2009 Internet2
Salary management eFormSalary management eForm
![Page 30: Kuali eDoclite and Grouper for access forms workflow at Penn 9-Nov-2010, Kuali Days Chris Hyzer, University of Pennsylvania developer](https://reader030.vdocument.in/reader030/viewer/2022032803/56649e205503460f94b0bede/html5/thumbnails/30.jpg)
30 – 04/19/23, © 2009 Internet2
Salary management eForm (continued)Salary management eForm (continued)
![Page 31: Kuali eDoclite and Grouper for access forms workflow at Penn 9-Nov-2010, Kuali Days Chris Hyzer, University of Pennsylvania developer](https://reader030.vdocument.in/reader030/viewer/2022032803/56649e205503460f94b0bede/html5/thumbnails/31.jpg)
31 – 04/19/23, © 2009 Internet2
Salary management eForm (continued)Salary management eForm (continued)
![Page 32: Kuali eDoclite and Grouper for access forms workflow at Penn 9-Nov-2010, Kuali Days Chris Hyzer, University of Pennsylvania developer](https://reader030.vdocument.in/reader030/viewer/2022032803/56649e205503460f94b0bede/html5/thumbnails/32.jpg)
32 – 04/19/23, © 2009 Internet2
eForms demo workfloweForms demo workflowInitiator fills out form If on behalf of someone else, they need to
approve it, unless it is a ‘remove access’ 1
4
Supervisor (person picker)
2On behalf of
remove?
3
NoYes
Grouper group selected from available schools
Note: supervisor cannot be thesame as ‘On behalf of’
School admin
HR
Payroll
HR and payroll could approve in parallel in future
8 Operations Grant access that isn’t automatically provisioned
Change KEW initiator to ‘on behalf of’ user
7 Data admin Assert that form is valid
9 Data admin Assert that privileges were granted correctly
Final Send email to ‘on behalf of’ user10
5
6
![Page 33: Kuali eDoclite and Grouper for access forms workflow at Penn 9-Nov-2010, Kuali Days Chris Hyzer, University of Pennsylvania developer](https://reader030.vdocument.in/reader030/viewer/2022032803/56649e205503460f94b0bede/html5/thumbnails/33.jpg)
33 – 04/19/23, © 2009 Internet2
Grouper Rice demoGrouper Rice demo•Demo movie
![Page 34: Kuali eDoclite and Grouper for access forms workflow at Penn 9-Nov-2010, Kuali Days Chris Hyzer, University of Pennsylvania developer](https://reader030.vdocument.in/reader030/viewer/2022032803/56649e205503460f94b0bede/html5/thumbnails/34.jpg)
Making an eFormMaking an eForm
![Page 35: Kuali eDoclite and Grouper for access forms workflow at Penn 9-Nov-2010, Kuali Days Chris Hyzer, University of Pennsylvania developer](https://reader030.vdocument.in/reader030/viewer/2022032803/56649e205503460f94b0bede/html5/thumbnails/35.jpg)
35 – 04/19/23, © 2009 Internet2
Make an eFormMake an eForm•Attributes•Rule templates•Doctype
•Settings and security•Route nodes and rules•Route paths
•eDocLite•Screen fields•HTML via XSL
•Email template
![Page 36: Kuali eDoclite and Grouper for access forms workflow at Penn 9-Nov-2010, Kuali Days Chris Hyzer, University of Pennsylvania developer](https://reader030.vdocument.in/reader030/viewer/2022032803/56649e205503460f94b0bede/html5/thumbnails/36.jpg)
36 – 04/19/23, © 2009 Internet2
Attributes Attributes – in this case for dynamic routing– in this case for dynamic routing<?xml version="1.0" encoding="UTF-8"?>
<ruleAttributes>
<ruleAttribute>
<name>salaryManagementAccessForm.onBehalfOfPennId</name>
<xmlElementLabel>onBehalfOfPennId</xmlElementLabel>
</ruleAttribute>
<ruleAttribute>
<name>salaryManagementAccessForm.supervisorPennIdRoleAttribute</name>
<xmlElementLabel>supervisorPennId</xmlElementLabel>
</ruleAttribute>
<ruleAttribute>
<name>salaryManagementAccessForm.groupName</name>
<description>Supervisor selects the group name who is the third approver</description>
<xmlElementLabel>groupName</xmlElementLabel>
</ruleAttribute>
</ruleAttributes>
Note: XML not complete
![Page 37: Kuali eDoclite and Grouper for access forms workflow at Penn 9-Nov-2010, Kuali Days Chris Hyzer, University of Pennsylvania developer](https://reader030.vdocument.in/reader030/viewer/2022032803/56649e205503460f94b0bede/html5/thumbnails/37.jpg)
37 – 04/19/23, © 2009 Internet2
Rule templates Rule templates – group of rules– group of rules<?xml version="1.0" encoding="UTF-8"?>
<ruleTemplates>
<ruleTemplate name="salaryManagementAccessForm.onBehalfOfRuleTemplate">
<attribute>salaryManagementAccessForm.onBehalfOfPennId</attribute>
</ruleTemplate>
<ruleTemplate name="salaryManagementAccessForm.supervisorRuleTemplate">
<attribute>salaryManagementAccessForm.supervisorPennIdRoleAttribute</attribute>
</ruleTemplate>
<ruleTemplate name="salaryManagementAccessForm.basRuleTemplate2">
<attribute>salaryManagementAccessForm.groupName</attribute>
</ruleTemplate>
<ruleTemplate name="salaryManagementAccessForm.hrReviewRuleTemplate"/>
<ruleTemplate name="salaryManagementAccessForm.payrollReviewRuleTemplate"/>
<ruleTemplate name="salaryManagementAccessForm.daReviewRuleTemplate"/>
<ruleTemplate name="salaryManagementAccessForm.implementorRuleTemplate"/>
<ruleTemplate name="salaryManagementAccessForm.daImplementRuleTemplate"/>
</ruleTemplates>
Note: XML not complete or correct
![Page 38: Kuali eDoclite and Grouper for access forms workflow at Penn 9-Nov-2010, Kuali Days Chris Hyzer, University of Pennsylvania developer](https://reader030.vdocument.in/reader030/viewer/2022032803/56649e205503460f94b0bede/html5/thumbnails/38.jpg)
38 – 04/19/23, © 2009 Internet2
Doctype Doctype – settings and security– settings and security<?xml version="1.0" encoding="UTF-8"?>
<documentType name="salaryManagementAccessForm">
<postProcessorName>GrouperEdocliteDatabasePostProcessor</postProcessorName>
<superUserGroupName namespace="financialBalances">financialBalancesAdmins</superUserGroupName>
<security routeLogAuthenticated="true">
<groupName namespace="etc">kualiAdmins</groupName>
<groupName namespace="formReaders">HumanResourcesReaders</groupName>
</security>
…
<simpleNode name="emailNode">
<from>[email protected]</from>
<testAddress>[email protected]</testAddress>
<to>initiator</to>
<style>salaryManagementAccessForm.emailInitiatorTemplate</style>
<type>org.kuali.rice.kew.mail.EmailNode</type>
</simpleNode>
Note: XML not complete or correct
![Page 39: Kuali eDoclite and Grouper for access forms workflow at Penn 9-Nov-2010, Kuali Days Chris Hyzer, University of Pennsylvania developer](https://reader030.vdocument.in/reader030/viewer/2022032803/56649e205503460f94b0bede/html5/thumbnails/39.jpg)
39 – 04/19/23, © 2009 Internet2
Doctype Doctype – route nodes and rules– route nodes and rules <routeNodes>
<start name="Initiated" />
<split name="routeOnBehalfSplit" type="RemoveGoRightSplitNode" />
<simple name="rightNoOpNode" type="NoOpNode" />
<requests name="leftOnBehalfOfNode">
<ruleTemplate>salaryManagementAccessForm.onBehalfOfRuleTemplate</ruleTemplate>
</requests>
<join name="kimJoin" />
<requests name="supervisorNode" ruleTemplate="supervisorRuleTemplate" />
<requests name="basNode" ruleTemplate="basRuleTemplate2" />
<requests name="hrNode" ruleTemplate="hrReviewRuleTemplate" />
<requests name="payrollNode" ruleTemplate="payrollReviewRuleTemplate" />
<requests name="daReviewNode" ruleTemplate="daReviewRuleTemplate" />
<requests name="seoNode" ruleTemplate="implementorRuleTemplate" />
<requests name="daImplementNode" ruleTemplate="daImplementRuleTemplate"/>
Note: XML not complete or correct
![Page 40: Kuali eDoclite and Grouper for access forms workflow at Penn 9-Nov-2010, Kuali Days Chris Hyzer, University of Pennsylvania developer](https://reader030.vdocument.in/reader030/viewer/2022032803/56649e205503460f94b0bede/html5/thumbnails/40.jpg)
40 – 04/19/23, © 2009 Internet2
Doctype Doctype – route paths– route paths<routePath>
<start name="Initiated" nextNode="routeOnBehalfSplit" />
<split name="routeOnBehalfSplit" nextNode="supervisorNode">
<branch name="leftBranch">
<requests name="leftOnBehalfOfNode" nextNode="kimJoin" />
</branch>
<branch name="rightBranch">
<simple name="rightNoOpNode" nextNode="kimJoin" />
</branch>
<join name="kimJoin" />
</split>
<requests name="supervisorNode" nextNode="basNode" />
<requests name="basNode" nextNode="hrNode" />
<requests name="hrNode" nextNode="payrollNode" />
<requests name="payrollNode" nextNode="daReviewNode" />
<requests name="daReviewNode" nextNode="seoNode" />
<requests name="seoNode" nextNode="daImplementNode" />
<requests name="daImplementNode" nextNode="emailNode" />
<simple name="emailNode" />
</routePath>Note: XML not complete or correct
![Page 41: Kuali eDoclite and Grouper for access forms workflow at Penn 9-Nov-2010, Kuali Days Chris Hyzer, University of Pennsylvania developer](https://reader030.vdocument.in/reader030/viewer/2022032803/56649e205503460f94b0bede/html5/thumbnails/41.jpg)
41 – 04/19/23, © 2009 Internet2
eDocLite eDocLite – link attributes with screen fields– link attributes with screen fields <edl name="salaryManagementAccessForm.form" title="Salary Management">
<attributes>
<attribute name="salaryManagementAccessForm.onBehalfOfPennId">
<field attributeField="principalId" edlField="onBehalfOfPennId" />
</attribute>
<attribute name="salaryManagementAccessForm.supervisorPennIdRoleAttribute">
<field attributeField="principalId" edlField="supervisorPennId" />
</attribute>
<attribute name="salaryManagementAccessForm.groupName">
<field attributeField="workgroupName" edlField="groupName" />
</attribute>
</attributes>
Note: XML not complete or correct
![Page 42: Kuali eDoclite and Grouper for access forms workflow at Penn 9-Nov-2010, Kuali Days Chris Hyzer, University of Pennsylvania developer](https://reader030.vdocument.in/reader030/viewer/2022032803/56649e205503460f94b0bede/html5/thumbnails/42.jpg)
42 – 04/19/23, © 2009 Internet2
eDocLite eDocLite – define all screen fields– define all screen fields <fieldDef name="onBehalfOfPennId" title="On behalf of UserId">
<display type="text" size="15" />
</fieldDef>
<fieldDef name="onBehalfOfDescription" title="On behalf of Description">
<display type="textarea" rows="2" cols="100" />
<validation required="true">Please find your supervisor</validation>
</fieldDef>
<fieldDef name="privilegeChange" title="Privilege change">
<display type="radio" />
<values title="New ID">add</values>
<values title="Change privs">update</values>
<values title="Remove privs">remove</values>
<validation required="true">Please select 'Privilege change'</validation>
</fieldDef>
…
Note: XML not complete or correct
![Page 43: Kuali eDoclite and Grouper for access forms workflow at Penn 9-Nov-2010, Kuali Days Chris Hyzer, University of Pennsylvania developer](https://reader030.vdocument.in/reader030/viewer/2022032803/56649e205503460f94b0bede/html5/thumbnails/43.jpg)
43 – 04/19/23, © 2009 Internet2
eDocLite eDocLite – XSL variables– XSL variables<xsl:variable name="actionable" select="/documentContent/documentState/actionable" />
<xsl:variable name="docHeaderId" select="/documentContent/documentState/docId" />
<xsl:variable name="editable" select="/documentContent/documentState/editable" />
<xsl:variable name="globalReadOnly" select="/documentContent/documentState/editable != 'true'" />
<xsl:variable name="docStatus" select="//documentState/workflowDocumentState/status" />
<xsl:variable name="isAtInitiated" select="my-class:isAtNode($docHeaderId, 'Initiated')" />
<xsl:variable name="isDaReview" select="my-class:isAtNode($docHeaderId, 'daReviewNode')" />
Note: XML not complete
![Page 44: Kuali eDoclite and Grouper for access forms workflow at Penn 9-Nov-2010, Kuali Days Chris Hyzer, University of Pennsylvania developer](https://reader030.vdocument.in/reader030/viewer/2022032803/56649e205503460f94b0bede/html5/thumbnails/44.jpg)
44 – 04/19/23, © 2009 Internet2
eDocLite eDocLite – custom Javascript validations– custom Javascript validations//get the value from the privilege change radio button
var privilegeChange = $('input[name=privilegeChange]:checked').val();
//if we are updating or removing, then the oracle ID is required
if (privilegeChange == 'update' || privilegeChange == 'remove') {
if (riceIsBlank($('input[type=text][name=oracleId]').val())) {
alert('Please enter the Oracle ID that needs to be ' + privilegeChange + 'd');
return false;
}
}
Note: uses jquery
![Page 45: Kuali eDoclite and Grouper for access forms workflow at Penn 9-Nov-2010, Kuali Days Chris Hyzer, University of Pennsylvania developer](https://reader030.vdocument.in/reader030/viewer/2022032803/56649e205503460f94b0bede/html5/thumbnails/45.jpg)
45 – 04/19/23, © 2009 Internet2
eDocLite eDocLite – screen HTML with XSL variables– screen HTML with XSL variables<xsl:template>
…
<tr>
<td class="fieldLabel">Expiration date (yyyy-Mon-dd)</td>
<td valign="top" class="fieldAsterisk"></td>
<td class="fieldInfo" id="expirationDateFieldInfoId">
<xsl:call-template name="widget_render">
<xsl:with-param name="fieldName" select="'expirationDate'" />
<xsl:with-param name="renderCmd" select="'input'" />
<xsl:with-param name="readOnly" select="$isPastInitiated" />
</xsl:call-template>
</td>
</tr>
…
<xsl:call-template name="supervisorRows" /> <!-- include from common file -->
…
<xsl:template>
![Page 46: Kuali eDoclite and Grouper for access forms workflow at Penn 9-Nov-2010, Kuali Days Chris Hyzer, University of Pennsylvania developer](https://reader030.vdocument.in/reader030/viewer/2022032803/56649e205503460f94b0bede/html5/thumbnails/46.jpg)
46 – 04/19/23, © 2009 Internet2
eDocLite eDocLite – associate style, def, doctype– associate style, def, doctype <association>
<docType>salaryManagementAccessForm</docType>
<definition>salaryManagementAccessForm.form</definition>
<style>salaryManagementAccessForm.style</style>
<active>true</active>
</association>
</edoclite>
![Page 47: Kuali eDoclite and Grouper for access forms workflow at Penn 9-Nov-2010, Kuali Days Chris Hyzer, University of Pennsylvania developer](https://reader030.vdocument.in/reader030/viewer/2022032803/56649e205503460f94b0bede/html5/thumbnails/47.jpg)
47 – 04/19/23, © 2009 Internet2
eDocLite eDocLite – rules– rules<rule name="salaryManagementAccessForm.onBehalfOfRule">
<ruleTemplate>onBehalfOfRuleTemplate</ruleTemplate>
<!-- dynamic person -->
<responsibility role="PrincipalIdRoleAttribute!principalId" />
</rule>
<rule name="salaryManagementAccessForm.basRule">
<ruleTemplate>basRuleTemplate2</ruleTemplate>
<description>Route to financial balances bas</description>
<forceAction>true</forceAction> <!-- user might approve again -->
<!-- dynamic group from drop down -->
<responsibility role="WorkgroupRoleAttribute!workgroupName" />
</rule>
<rule name="salaryManagementAccessForm.hrReviewRule">
<ruleTemplate>hrReviewRuleTemplate</ruleTemplate>
<responsibility>
<!-- always route to this group -->
<groupName namespace="approvers">HumanResources</groupName>
</responsibility>
</rule>Note: not complete or correct XML
![Page 48: Kuali eDoclite and Grouper for access forms workflow at Penn 9-Nov-2010, Kuali Days Chris Hyzer, University of Pennsylvania developer](https://reader030.vdocument.in/reader030/viewer/2022032803/56649e205503460f94b0bede/html5/thumbnails/48.jpg)
48 – 04/19/23, © 2009 Internet2
eDocLite eDocLite – email template for initiator when final– email template for initiator when final<style name="salaryManagementAccessForm.emailInitiatorTemplate">
<xsl:template match="emailNode">
<email>
<subject>Salary Management Data Warehouse Access <xsl:value-of select="*/routeHeaderId" /></subject>
<body>
You now have access to the Salary Management data collection in the Warehouse.
Your ID, for the Data Warehouse and Business Objects, is: <xsl:value-of select="*/version[@current='true']/field[@name='oracleIdAssigned']/value" />
…
Note: note complete XML
![Page 49: Kuali eDoclite and Grouper for access forms workflow at Penn 9-Nov-2010, Kuali Days Chris Hyzer, University of Pennsylvania developer](https://reader030.vdocument.in/reader030/viewer/2022032803/56649e205503460f94b0bede/html5/thumbnails/49.jpg)
49 – 04/19/23, © 2009 Internet2
Setup or re-use groups in GrouperSetup or re-use groups in Grouper
![Page 50: Kuali eDoclite and Grouper for access forms workflow at Penn 9-Nov-2010, Kuali Days Chris Hyzer, University of Pennsylvania developer](https://reader030.vdocument.in/reader030/viewer/2022032803/56649e205503460f94b0bede/html5/thumbnails/50.jpg)
50 – 04/19/23, © 2009 Internet2
Setup or re-use groups in GrouperSetup or re-use groups in Grouper (continued)(continued)
![Page 51: Kuali eDoclite and Grouper for access forms workflow at Penn 9-Nov-2010, Kuali Days Chris Hyzer, University of Pennsylvania developer](https://reader030.vdocument.in/reader030/viewer/2022032803/56649e205503460f94b0bede/html5/thumbnails/51.jpg)
51 – 04/19/23, © 2009 Internet2
Setup or re-use groups in Grouper - continuedSetup or re-use groups in Grouper - continued
•Create a group•Allow the Rice grouperClient user to READ members•Add members (usually ~2 for approvers, one primary, one backup)•Grant privileges if self managed (maybe the approvers can delegate to others)
•If so, send the link to the Grouper simple management UI for the group
![Page 52: Kuali eDoclite and Grouper for access forms workflow at Penn 9-Nov-2010, Kuali Days Chris Hyzer, University of Pennsylvania developer](https://reader030.vdocument.in/reader030/viewer/2022032803/56649e205503460f94b0bede/html5/thumbnails/52.jpg)
52 – 04/19/23, © 2009 Internet2
Setup or re-use groups in Grouper - continuedSetup or re-use groups in Grouper - continued
•Send link for simple membership UI to editors
![Page 53: Kuali eDoclite and Grouper for access forms workflow at Penn 9-Nov-2010, Kuali Days Chris Hyzer, University of Pennsylvania developer](https://reader030.vdocument.in/reader030/viewer/2022032803/56649e205503460f94b0bede/html5/thumbnails/53.jpg)
53 – 04/19/23, © 2009 Internet2
Make an eForm - summaryMake an eForm - summary•Lots of XML to write•Lots of copy/paste (don’t mess that part up, could affect existing forms)•Not too hard•Could be time consuming and require an expert for troubleshooting•Penn only uses central data administration to manage the forms (no one else can use the ingester)
![Page 54: Kuali eDoclite and Grouper for access forms workflow at Penn 9-Nov-2010, Kuali Days Chris Hyzer, University of Pennsylvania developer](https://reader030.vdocument.in/reader030/viewer/2022032803/56649e205503460f94b0bede/html5/thumbnails/54.jpg)
Penn production deploymentPenn production deployment
![Page 55: Kuali eDoclite and Grouper for access forms workflow at Penn 9-Nov-2010, Kuali Days Chris Hyzer, University of Pennsylvania developer](https://reader030.vdocument.in/reader030/viewer/2022032803/56649e205503460f94b0bede/html5/thumbnails/55.jpg)
55 – 04/19/23, © 2009 Internet2
Penn statsPenn stats•26 forms in “soft launch”, users can use paper or eForms•Live for 1 month•A few dozen eForms initiated•A dozen users•A few user comments that we are incorporating (included in this presentation)•Lots of interest to expand the conversion of paper forms to eForms
![Page 56: Kuali eDoclite and Grouper for access forms workflow at Penn 9-Nov-2010, Kuali Days Chris Hyzer, University of Pennsylvania developer](https://reader030.vdocument.in/reader030/viewer/2022032803/56649e205503460f94b0bede/html5/thumbnails/56.jpg)
56 – 04/19/23, © 2009 Internet2
Penn internal guidelinesPenn internal guidelines•Keep all parts of form in CVS
•CVS is the system of record (cannot get XML out of Rice)
•Naming standard for all parts•Starts with unique camel-case prefix, e.g.salaryManagementAccessForm.• Note, the doctype should just be salaryManagementAccessForm since user sees it
![Page 57: Kuali eDoclite and Grouper for access forms workflow at Penn 9-Nov-2010, Kuali Days Chris Hyzer, University of Pennsylvania developer](https://reader030.vdocument.in/reader030/viewer/2022032803/56649e205503460f94b0bede/html5/thumbnails/57.jpg)
57 – 04/19/23, © 2009 Internet2
CVS screenshot of formsCVS screenshot of forms
![Page 58: Kuali eDoclite and Grouper for access forms workflow at Penn 9-Nov-2010, Kuali Days Chris Hyzer, University of Pennsylvania developer](https://reader030.vdocument.in/reader030/viewer/2022032803/56649e205503460f94b0bede/html5/thumbnails/58.jpg)
58 – 04/19/23, © 2009 Internet2
CVS screenshot of form historyCVS screenshot of form history•Note, this could be subversion, or whatever
![Page 59: Kuali eDoclite and Grouper for access forms workflow at Penn 9-Nov-2010, Kuali Days Chris Hyzer, University of Pennsylvania developer](https://reader030.vdocument.in/reader030/viewer/2022032803/56649e205503460f94b0bede/html5/thumbnails/59.jpg)
59 – 04/19/23, © 2009 Internet2
Our copy of Rice is in CVSOur copy of Rice is in CVS
![Page 60: Kuali eDoclite and Grouper for access forms workflow at Penn 9-Nov-2010, Kuali Days Chris Hyzer, University of Pennsylvania developer](https://reader030.vdocument.in/reader030/viewer/2022032803/56649e205503460f94b0bede/html5/thumbnails/60.jpg)
60 – 04/19/23, © 2009 Internet2
Separate out customized filesSeparate out customized files
![Page 61: Kuali eDoclite and Grouper for access forms workflow at Penn 9-Nov-2010, Kuali Days Chris Hyzer, University of Pennsylvania developer](https://reader030.vdocument.in/reader030/viewer/2022032803/56649e205503460f94b0bede/html5/thumbnails/61.jpg)
61 – 04/19/23, © 2009 Internet2
Externalize parts that change per envExternalize parts that change per env
![Page 62: Kuali eDoclite and Grouper for access forms workflow at Penn 9-Nov-2010, Kuali Days Chris Hyzer, University of Pennsylvania developer](https://reader030.vdocument.in/reader030/viewer/2022032803/56649e205503460f94b0bede/html5/thumbnails/62.jpg)
62 – 04/19/23, © 2009 Internet2
Ant script generates four warfilesAnt script generates four warfiles•Warfiles for local dev, integrated dev, test, prod•Once the tomcat is setup (5.5, config stub in /conf with password, encryption files, etc)•Similar to this document•Each tar.gz has a different kualiRice.war in it
![Page 63: Kuali eDoclite and Grouper for access forms workflow at Penn 9-Nov-2010, Kuali Days Chris Hyzer, University of Pennsylvania developer](https://reader030.vdocument.in/reader030/viewer/2022032803/56649e205503460f94b0bede/html5/thumbnails/63.jpg)
Future plansFuture plans
![Page 64: Kuali eDoclite and Grouper for access forms workflow at Penn 9-Nov-2010, Kuali Days Chris Hyzer, University of Pennsylvania developer](https://reader030.vdocument.in/reader030/viewer/2022032803/56649e205503460f94b0bede/html5/thumbnails/64.jpg)
64 – 04/19/23, © 2009 Internet2
Future plansFuture plans•More code generation to ease form creation•Convert more access management forms•Roll-out a service for other schools in the University
•Not sure how this will be structured
![Page 65: Kuali eDoclite and Grouper for access forms workflow at Penn 9-Nov-2010, Kuali Days Chris Hyzer, University of Pennsylvania developer](https://reader030.vdocument.in/reader030/viewer/2022032803/56649e205503460f94b0bede/html5/thumbnails/65.jpg)
CustomizationsCustomizations
![Page 66: Kuali eDoclite and Grouper for access forms workflow at Penn 9-Nov-2010, Kuali Days Chris Hyzer, University of Pennsylvania developer](https://reader030.vdocument.in/reader030/viewer/2022032803/56649e205503460f94b0bede/html5/thumbnails/66.jpg)
66 – 04/19/23, © 2009 Internet2
Change “Route” button textChange “Route” button text•Our users didn’t know what “route” meant, vs. “save”•We changed “route” to “submit”, and put an alert on “save” and “save note”
![Page 67: Kuali eDoclite and Grouper for access forms workflow at Penn 9-Nov-2010, Kuali Days Chris Hyzer, University of Pennsylvania developer](https://reader030.vdocument.in/reader030/viewer/2022032803/56649e205503460f94b0bede/html5/thumbnails/67.jpg)
67 – 04/19/23, © 2009 Internet2
Change Save alertChange Save alert•Our users didn’t know that Save doesn’t Route•We put an alert on “save” and “save note”•Note: we should probably clarify “disapprove” and “return to previous” similarly…
![Page 68: Kuali eDoclite and Grouper for access forms workflow at Penn 9-Nov-2010, Kuali Days Chris Hyzer, University of Pennsylvania developer](https://reader030.vdocument.in/reader030/viewer/2022032803/56649e205503460f94b0bede/html5/thumbnails/68.jpg)
68 – 04/19/23, © 2009 Internet2
Link to My SubmissionsLink to My Submissions•Would be nice to have a link to My Submissions from static HTML
•Similar to links to start documents, or action list
![Page 69: Kuali eDoclite and Grouper for access forms workflow at Penn 9-Nov-2010, Kuali Days Chris Hyzer, University of Pennsylvania developer](https://reader030.vdocument.in/reader030/viewer/2022032803/56649e205503460f94b0bede/html5/thumbnails/69.jpg)
69 – 04/19/23, © 2009 Internet2
Link to My Submissions (continued)Link to My Submissions (continued)•Just add a JSP to kuali webapp
![Page 70: Kuali eDoclite and Grouper for access forms workflow at Penn 9-Nov-2010, Kuali Days Chris Hyzer, University of Pennsylvania developer](https://reader030.vdocument.in/reader030/viewer/2022032803/56649e205503460f94b0bede/html5/thumbnails/70.jpg)
70 – 04/19/23, © 2009 Internet2
Generate parts of eDocLiteGenerate parts of eDocLite•Supports up to 50 orgs, all be defined
![Page 71: Kuali eDoclite and Grouper for access forms workflow at Penn 9-Nov-2010, Kuali Days Chris Hyzer, University of Pennsylvania developer](https://reader030.vdocument.in/reader030/viewer/2022032803/56649e205503460f94b0bede/html5/thumbnails/71.jpg)
71 – 04/19/23, © 2009 Internet2
Generate parts of eDocLiteGenerate parts of eDocLite•Generate HTML for orgs
![Page 72: Kuali eDoclite and Grouper for access forms workflow at Penn 9-Nov-2010, Kuali Days Chris Hyzer, University of Pennsylvania developer](https://reader030.vdocument.in/reader030/viewer/2022032803/56649e205503460f94b0bede/html5/thumbnails/72.jpg)
72 – 04/19/23, © 2009 Internet2
Generate “custom tag” with Java in XSLGenerate “custom tag” with Java in XSL•Screenshot
![Page 73: Kuali eDoclite and Grouper for access forms workflow at Penn 9-Nov-2010, Kuali Days Chris Hyzer, University of Pennsylvania developer](https://reader030.vdocument.in/reader030/viewer/2022032803/56649e205503460f94b0bede/html5/thumbnails/73.jpg)
73 – 04/19/23, © 2009 Internet2
Generate “custom tag” with Java in XSLGenerate “custom tag” with Java in XSL•Generate HTML for orgs (java source)
![Page 74: Kuali eDoclite and Grouper for access forms workflow at Penn 9-Nov-2010, Kuali Days Chris Hyzer, University of Pennsylvania developer](https://reader030.vdocument.in/reader030/viewer/2022032803/56649e205503460f94b0bede/html5/thumbnails/74.jpg)
74 – 04/19/23, © 2009 Internet2
Generate “custom tag” with Java in XSL (continued)Generate “custom tag” with Java in XSL (continued)
•Generate HTML for orgs (XSL)
![Page 75: Kuali eDoclite and Grouper for access forms workflow at Penn 9-Nov-2010, Kuali Days Chris Hyzer, University of Pennsylvania developer](https://reader030.vdocument.in/reader030/viewer/2022032803/56649e205503460f94b0bede/html5/thumbnails/75.jpg)
75 – 04/19/23, © 2009 Internet2
Pickers from external applicationsPickers from external applicationsOn eDoclite
External application
Press ‘Select’ on popup
Javascript in the edoclitesets the ‘readonly’ fields
Popup.close()Note: a variable is passed to the picker and back so the Javascript knows which fields to set. Can have multiple person pickers on the same screen.
1
3
3a
3b
Rice eDocLite
Press button for popup2
Submit GET to edoclite HTML page that calls javascript opener.handle(), due to browser restrictions
Note: this is a lot simpler if the external application is hosted on the same URL base as eDocLite…
Note: another issue, ahem…
![Page 76: Kuali eDoclite and Grouper for access forms workflow at Penn 9-Nov-2010, Kuali Days Chris Hyzer, University of Pennsylvania developer](https://reader030.vdocument.in/reader030/viewer/2022032803/56649e205503460f94b0bede/html5/thumbnails/76.jpg)
76 – 04/19/23, © 2009 Internet2
Authentication service overrideAuthentication service override•More flexible with SSO•Requires Grouper group (e.g. active Penn member)
![Page 77: Kuali eDoclite and Grouper for access forms workflow at Penn 9-Nov-2010, Kuali Days Chris Hyzer, University of Pennsylvania developer](https://reader030.vdocument.in/reader030/viewer/2022032803/56649e205503460f94b0bede/html5/thumbnails/77.jpg)
77 – 04/19/23, © 2009 Internet2
Immediate and daily email notificationsImmediate and daily email notifications•Penn wants immediate notifications on action items•If an item is more than one day old, send daily email
![Page 78: Kuali eDoclite and Grouper for access forms workflow at Penn 9-Nov-2010, Kuali Days Chris Hyzer, University of Pennsylvania developer](https://reader030.vdocument.in/reader030/viewer/2022032803/56649e205503460f94b0bede/html5/thumbnails/78.jpg)
78 – 04/19/23, © 2009 Internet2
Immediate and daily email notifications Immediate and daily email notifications (continued)(continued)•Make a view to hold people to send to
•Note: sometimes there are orphans in krew_actn_itm_t
•From FINAL docs•From CANCELLED docs•We manually delete them from the table
![Page 79: Kuali eDoclite and Grouper for access forms workflow at Penn 9-Nov-2010, Kuali Days Chris Hyzer, University of Pennsylvania developer](https://reader030.vdocument.in/reader030/viewer/2022032803/56649e205503460f94b0bede/html5/thumbnails/79.jpg)
79 – 04/19/23, © 2009 Internet2
Remove title column from search resultsRemove title column from search results•For eDocLite only Rice deployments, this col is redundant
![Page 80: Kuali eDoclite and Grouper for access forms workflow at Penn 9-Nov-2010, Kuali Days Chris Hyzer, University of Pennsylvania developer](https://reader030.vdocument.in/reader030/viewer/2022032803/56649e205503460f94b0bede/html5/thumbnails/80.jpg)
80 – 04/19/23, © 2009 Internet2
On behalf of vs. initiatorOn behalf of vs. initiator•Access management admins would like on behalf of to be initiator… for ‘my forms’, searching, results lists, etc
![Page 81: Kuali eDoclite and Grouper for access forms workflow at Penn 9-Nov-2010, Kuali Days Chris Hyzer, University of Pennsylvania developer](https://reader030.vdocument.in/reader030/viewer/2022032803/56649e205503460f94b0bede/html5/thumbnails/81.jpg)
81 – 04/19/23, © 2009 Internet2
Message to user when buttons pressedMessage to user when buttons pressed•eDocLite by default shows a readonly screen (confusing)
•(granted if exceptions happen, might not be accurate )•Several pieces to make this happen… threadlocal for request, and request parameters… and the XSL logic
![Page 82: Kuali eDoclite and Grouper for access forms workflow at Penn 9-Nov-2010, Kuali Days Chris Hyzer, University of Pennsylvania developer](https://reader030.vdocument.in/reader030/viewer/2022032803/56649e205503460f94b0bede/html5/thumbnails/82.jpg)
82 – 04/19/23, © 2009 Internet2
Add vs. remove branch codeAdd vs. remove branch code•If ‘remove’ then ‘on behalf of’ doesn’t approve form•Doctype:
•Java
•Note: would be nice to be able to do this without Java
![Page 83: Kuali eDoclite and Grouper for access forms workflow at Penn 9-Nov-2010, Kuali Days Chris Hyzer, University of Pennsylvania developer](https://reader030.vdocument.in/reader030/viewer/2022032803/56649e205503460f94b0bede/html5/thumbnails/83.jpg)
83 – 04/19/23, © 2009 Internet2
Group and permission provisioning to GrouperGroup and permission provisioning to Grouper•When eForm is complete, initiator can be automatically granted group memberships or permissions in Grouper•Doctype:
•Or, to not save in database also:
•Note: would be nice to be able attach multiple post processors to pick and choose…
![Page 84: Kuali eDoclite and Grouper for access forms workflow at Penn 9-Nov-2010, Kuali Days Chris Hyzer, University of Pennsylvania developer](https://reader030.vdocument.in/reader030/viewer/2022032803/56649e205503460f94b0bede/html5/thumbnails/84.jpg)
84 – 04/19/23, © 2009 Internet2
Group provisioning to Grouper (continued)Group provisioning to Grouper (continued)•Example screenshot of form
![Page 85: Kuali eDoclite and Grouper for access forms workflow at Penn 9-Nov-2010, Kuali Days Chris Hyzer, University of Pennsylvania developer](https://reader030.vdocument.in/reader030/viewer/2022032803/56649e205503460f94b0bede/html5/thumbnails/85.jpg)
85 – 04/19/23, © 2009 Internet2
Group provisioning to Grouper (continued)Group provisioning to Grouper (continued)•Configure in the grouper config file
![Page 86: Kuali eDoclite and Grouper for access forms workflow at Penn 9-Nov-2010, Kuali Days Chris Hyzer, University of Pennsylvania developer](https://reader030.vdocument.in/reader030/viewer/2022032803/56649e205503460f94b0bede/html5/thumbnails/86.jpg)
86 – 04/19/23, © 2009 Internet2
Group provisioning to Grouper (continued)Group provisioning to Grouper (continued)•Result is initiator is in group, and optional email sent to admins
![Page 87: Kuali eDoclite and Grouper for access forms workflow at Penn 9-Nov-2010, Kuali Days Chris Hyzer, University of Pennsylvania developer](https://reader030.vdocument.in/reader030/viewer/2022032803/56649e205503460f94b0bede/html5/thumbnails/87.jpg)
87 – 04/19/23, © 2009 Internet2
Permission provisioning to Grouper Permission provisioning to Grouper (continued)(continued)
•Sample screenshot
![Page 88: Kuali eDoclite and Grouper for access forms workflow at Penn 9-Nov-2010, Kuali Days Chris Hyzer, University of Pennsylvania developer](https://reader030.vdocument.in/reader030/viewer/2022032803/56649e205503460f94b0bede/html5/thumbnails/88.jpg)
88 – 04/19/23, © 2009 Internet2
Permission provisioning to Grouper Permission provisioning to Grouper (continued)(continued)
•Note, you can provision groups and permissions in same form•Configure in the grouper config file for roles to provision
![Page 89: Kuali eDoclite and Grouper for access forms workflow at Penn 9-Nov-2010, Kuali Days Chris Hyzer, University of Pennsylvania developer](https://reader030.vdocument.in/reader030/viewer/2022032803/56649e205503460f94b0bede/html5/thumbnails/89.jpg)
89 – 04/19/23, © 2009 Internet2
Permission provisioning to Grouper Permission provisioning to Grouper (continued)(continued)
•Configure in the grouper config file for operation to provision
•Note, had to add enhancement of “replace” as a Grouper permissions web service operation…
![Page 90: Kuali eDoclite and Grouper for access forms workflow at Penn 9-Nov-2010, Kuali Days Chris Hyzer, University of Pennsylvania developer](https://reader030.vdocument.in/reader030/viewer/2022032803/56649e205503460f94b0bede/html5/thumbnails/90.jpg)
90 – 04/19/23, © 2009 Internet2
Permission provisioning to Grouper Permission provisioning to Grouper (continued)(continued)
•Configure in the grouper config file for actions to provision
![Page 91: Kuali eDoclite and Grouper for access forms workflow at Penn 9-Nov-2010, Kuali Days Chris Hyzer, University of Pennsylvania developer](https://reader030.vdocument.in/reader030/viewer/2022032803/56649e205503460f94b0bede/html5/thumbnails/91.jpg)
91 – 04/19/23, © 2009 Internet2
Permission provisioning to Grouper Permission provisioning to Grouper (continued)(continued)
•Configure in the grouper config file for permissions to provision
![Page 92: Kuali eDoclite and Grouper for access forms workflow at Penn 9-Nov-2010, Kuali Days Chris Hyzer, University of Pennsylvania developer](https://reader030.vdocument.in/reader030/viewer/2022032803/56649e205503460f94b0bede/html5/thumbnails/92.jpg)
92 – 04/19/23, © 2009 Internet2
Permission provisioning to Grouper Permission provisioning to Grouper (continued)(continued)
•Configure in the grouper config file for permissions to provision (continued)
![Page 93: Kuali eDoclite and Grouper for access forms workflow at Penn 9-Nov-2010, Kuali Days Chris Hyzer, University of Pennsylvania developer](https://reader030.vdocument.in/reader030/viewer/2022032803/56649e205503460f94b0bede/html5/thumbnails/93.jpg)
93 – 04/19/23, © 2009 Internet2
Permission provisioning to Grouper Permission provisioning to Grouper (continued)(continued)
•Email once permissions provisioned
![Page 94: Kuali eDoclite and Grouper for access forms workflow at Penn 9-Nov-2010, Kuali Days Chris Hyzer, University of Pennsylvania developer](https://reader030.vdocument.in/reader030/viewer/2022032803/56649e205503460f94b0bede/html5/thumbnails/94.jpg)
Documentation contributionsDocumentation contributions
![Page 95: Kuali eDoclite and Grouper for access forms workflow at Penn 9-Nov-2010, Kuali Days Chris Hyzer, University of Pennsylvania developer](https://reader030.vdocument.in/reader030/viewer/2022032803/56649e205503460f94b0bede/html5/thumbnails/95.jpg)
95 – 04/19/23, © 2009 Internet2
Doc additions – quick startDoc additions – quick start•Windows / Mysql quick start•Linux / Oracle quick start
![Page 96: Kuali eDoclite and Grouper for access forms workflow at Penn 9-Nov-2010, Kuali Days Chris Hyzer, University of Pennsylvania developer](https://reader030.vdocument.in/reader030/viewer/2022032803/56649e205503460f94b0bede/html5/thumbnails/96.jpg)
96 – 04/19/23, © 2009 Internet2
Doc additions – eDocLite examplesDoc additions – eDocLite examples
![Page 97: Kuali eDoclite and Grouper for access forms workflow at Penn 9-Nov-2010, Kuali Days Chris Hyzer, University of Pennsylvania developer](https://reader030.vdocument.in/reader030/viewer/2022032803/56649e205503460f94b0bede/html5/thumbnails/97.jpg)
97 – 04/19/23, © 2009 Internet2
Doc additions – eDocLite exampleDoc additions – eDocLite example
![Page 98: Kuali eDoclite and Grouper for access forms workflow at Penn 9-Nov-2010, Kuali Days Chris Hyzer, University of Pennsylvania developer](https://reader030.vdocument.in/reader030/viewer/2022032803/56649e205503460f94b0bede/html5/thumbnails/98.jpg)
98 – 04/19/23, © 2009 Internet2
Doc additions – eDocLite example (continued)Doc additions – eDocLite example (continued)
![Page 99: Kuali eDoclite and Grouper for access forms workflow at Penn 9-Nov-2010, Kuali Days Chris Hyzer, University of Pennsylvania developer](https://reader030.vdocument.in/reader030/viewer/2022032803/56649e205503460f94b0bede/html5/thumbnails/99.jpg)
99 – 04/19/23, © 2009 Internet2
Doc additions – eDocLite example (continued)Doc additions – eDocLite example (continued)
![Page 100: Kuali eDoclite and Grouper for access forms workflow at Penn 9-Nov-2010, Kuali Days Chris Hyzer, University of Pennsylvania developer](https://reader030.vdocument.in/reader030/viewer/2022032803/56649e205503460f94b0bede/html5/thumbnails/100.jpg)
100 – 04/19/23, © 2009 Internet2
Doc additions – eDocLite example (continued)Doc additions – eDocLite example (continued)
![Page 101: Kuali eDoclite and Grouper for access forms workflow at Penn 9-Nov-2010, Kuali Days Chris Hyzer, University of Pennsylvania developer](https://reader030.vdocument.in/reader030/viewer/2022032803/56649e205503460f94b0bede/html5/thumbnails/101.jpg)
101 – 04/19/23, © 2009 Internet2
Doc additions – eDocLite example (continued)Doc additions – eDocLite example (continued)
![Page 102: Kuali eDoclite and Grouper for access forms workflow at Penn 9-Nov-2010, Kuali Days Chris Hyzer, University of Pennsylvania developer](https://reader030.vdocument.in/reader030/viewer/2022032803/56649e205503460f94b0bede/html5/thumbnails/102.jpg)
102 – 04/19/23, © 2009 Internet2
Doc additions – eDocLite example (continued)Doc additions – eDocLite example (continued)
![Page 103: Kuali eDoclite and Grouper for access forms workflow at Penn 9-Nov-2010, Kuali Days Chris Hyzer, University of Pennsylvania developer](https://reader030.vdocument.in/reader030/viewer/2022032803/56649e205503460f94b0bede/html5/thumbnails/103.jpg)
103 – 04/19/23, © 2009 Internet2
Doc additions – eDocLite example (continued)Doc additions – eDocLite example (continued)
![Page 104: Kuali eDoclite and Grouper for access forms workflow at Penn 9-Nov-2010, Kuali Days Chris Hyzer, University of Pennsylvania developer](https://reader030.vdocument.in/reader030/viewer/2022032803/56649e205503460f94b0bede/html5/thumbnails/104.jpg)
104 – 04/19/23, © 2009 Internet2
Doc additions – eDocLite example (continued)Doc additions – eDocLite example (continued)
•These examples work start to finish•Would be nice to get contributions like this from other users
![Page 105: Kuali eDoclite and Grouper for access forms workflow at Penn 9-Nov-2010, Kuali Days Chris Hyzer, University of Pennsylvania developer](https://reader030.vdocument.in/reader030/viewer/2022032803/56649e205503460f94b0bede/html5/thumbnails/105.jpg)
105 – 04/19/23, © 2009 Internet2
Doc additions – service overridesDoc additions – service overrides
•The group and entity service overrides of the Grouper KIM connector are open source, can be used as examples•All the design and discussion is on the Grouper KIM connector wiki
![Page 106: Kuali eDoclite and Grouper for access forms workflow at Penn 9-Nov-2010, Kuali Days Chris Hyzer, University of Pennsylvania developer](https://reader030.vdocument.in/reader030/viewer/2022032803/56649e205503460f94b0bede/html5/thumbnails/106.jpg)
WishlistWishlist
![Page 107: Kuali eDoclite and Grouper for access forms workflow at Penn 9-Nov-2010, Kuali Days Chris Hyzer, University of Pennsylvania developer](https://reader030.vdocument.in/reader030/viewer/2022032803/56649e205503460f94b0bede/html5/thumbnails/107.jpg)
107 – 04/19/23, © 2009 Internet2
Penn’s eDoclite wishlistPenn’s eDoclite wishlist(most things have been discussed with Kuali team and might be Jiras)Note: things might exist already, and I don’t know about them•Workflow GUI•Improved security•Fewer silent failures
•E.g. in a mail node is in non prod and doesn’t have testAddress, then it silently doesn’t send the email•E.g. if route to inputted user is not quite correct, the user data will be blank, and skips that node•E.g. XSL you do <xsl:when test="($userAction) == 'initiate'">instead of: <xsl:when test="($userAction) = 'initiate'">java.lang.NullPointerException at org.kuali.rice.kew.edl.EDLControllerChain .renderEDL(EDLControllerChain.java:50)
![Page 108: Kuali eDoclite and Grouper for access forms workflow at Penn 9-Nov-2010, Kuali Days Chris Hyzer, University of Pennsylvania developer](https://reader030.vdocument.in/reader030/viewer/2022032803/56649e205503460f94b0bede/html5/thumbnails/108.jpg)
108 – 04/19/23, © 2009 Internet2
Penn’s eDoclite wishlist (continued)Penn’s eDoclite wishlist (continued)•Dynamic split node that doesn’t require Java
•Maybe I will contribute this?•On upgrade from 1.0.1 to 1.0.2.1, Grouper connector broke due to Rice API changes, prefer backwards compatible•The Rice ingester sometimes has orphaned rules / templates / etc. Nice to be able to replace with ingester•Sometimes orphans in krew_actn_itm_t, nice to have daemon to clean it up (erroneous daily emails)•Would be nice if search screens had default sort order (e.g. eDocLite search could default to sort by document type)•Would be nice of all overridable services had good Javadoc•Would be nice if Document Operation Screen were better documented including examples
![Page 109: Kuali eDoclite and Grouper for access forms workflow at Penn 9-Nov-2010, Kuali Days Chris Hyzer, University of Pennsylvania developer](https://reader030.vdocument.in/reader030/viewer/2022032803/56649e205503460f94b0bede/html5/thumbnails/109.jpg)
109 – 04/19/23, © 2009 Internet2
Penn’s Email / Jira requestsPenn’s Email / Jira requests•51 emails to rice-collab, all answered•13 Jira’s initiated, 5 closed
![Page 110: Kuali eDoclite and Grouper for access forms workflow at Penn 9-Nov-2010, Kuali Days Chris Hyzer, University of Pennsylvania developer](https://reader030.vdocument.in/reader030/viewer/2022032803/56649e205503460f94b0bede/html5/thumbnails/110.jpg)
Phew…. We made it…Phew…. We made it…
![Page 111: Kuali eDoclite and Grouper for access forms workflow at Penn 9-Nov-2010, Kuali Days Chris Hyzer, University of Pennsylvania developer](https://reader030.vdocument.in/reader030/viewer/2022032803/56649e205503460f94b0bede/html5/thumbnails/111.jpg)
Kuali eDoclite and Grouper for Kuali eDoclite and Grouper for access forms workflow at Pennaccess forms workflow at Penn9-Nov-2010, Kuali DaysChris Hyzer, University of Pennsylvania developer
For more information, visit www.internet2.edu
111 – 04/19/23, © 2009 Internet2