Thursday, December 27, 2012

String.Replace and FIM EmailTemplates

Had this awesome idea the other day and totally got foiled by my FIM box.  Thought I’d be crafty and generate some fancy HTML for an email notification, then I’d use my Action Workflow to store that HTML snippet in the FIM workflow dictionary.  Next I’d consume it in my Notification Activity by simply referring to the workflow dictionary like this:


Would have totally worked too, but FIM pulled a fast one on me, and did some encoding on the data I stuffed into the dictionary, so by the time it was passed to the EmailTemplate it no longer resembled HTML, and of course didn’t render.

EmailTemplates and the WorkflowDictionary: 0

PowerShell WF Activity and Send-MailMessage: 1

Since I already was using a PowerShell WF activity to construct the HTML snippet, instead of passing the HTML snippet to the workflow dictionary, I just sent the message from PowerShell using Send-MailMessage. 

The best issues to run into are the ones where YOU can craft a solution.  In this case I can’t complain too much because I still arrived at a solution and it was actually easier to decorate with logging and exception handling.
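
Sending from PowerShell means the script, not FIM, decides what gets encoded. An added example (not the author's script) that HTML-encodes each attribute value before placing it in the markup, then sends with Send-MailMessage inside a try/catch; the function names, addresses and sample values are constructed, and [System.Net.WebUtility] assumes PowerShell 3 or later on .NET 4.

```powershell
# Added example, not the author's script. Names, addresses and values are constructed.

function New-NotificationHtml {
    param(
        [Parameter(Mandatory=$true)] [string] $Heading,
        [Parameter(Mandatory=$true)] [System.Collections.IDictionary] $Attributes
    )
    # Encode every value that originates from identity data so that markup
    # inside an attribute cannot change the structure of the message.
    $rows = foreach ($key in $Attributes.Keys) {
        '<tr><td>{0}</td><td>{1}</td></tr>' -f
            [System.Net.WebUtility]::HtmlEncode([string]$key),
            [System.Net.WebUtility]::HtmlEncode([string]$Attributes[$key])
    }
    # Only the fixed template below is trusted markup.
    '<html><body><h3>{0}</h3><table border="1">{1}</table></body></html>' -f
        [System.Net.WebUtility]::HtmlEncode($Heading), ($rows -join '')
}

function Send-HtmlNotification {
    param([string] $To, [string] $Subject, [string] $Body, [string] $SmtpServer)
    try {
        Send-MailMessage -To $To -From 'fim-noreply@example.com' -Subject $Subject `
            -Body $Body -BodyAsHtml -SmtpServer $SmtpServer -ErrorAction Stop
        Write-Verbose "Notification sent to $To"
    }
    catch {
        # Log, then rethrow so the hosting workflow activity records the failure.
        Write-Warning "Notification to $To failed: $($_.Exception.Message)"
        throw
    }
}

# Constructed sample: a display name that carries markup and an ampersand.
$sample = [ordered]@{
    DisplayName = 'Pat <b>Example</b> & Co'
    Manager     = 'Alex Example'
}
$body = New-NotificationHtml -Heading 'Access request approved' -Attributes $sample
$body   # the display name appears as &lt;b&gt;Example&lt;/b&gt; &amp; Co

# Set $smtp to a real relay to send; left empty so the example runs offline.
$smtp = $null
if ($smtp) {
    Send-HtmlNotification -To 'pat@example.com' -Subject 'FIM notification' -Body $body -SmtpServer $smtp
}
```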

Learning About FIM Authentication Activities

The FIM Service’s policy engine has three types of workflows:

  • Authentication
  • Authorization
  • Action

Most of the work I’ve done with FIM has used Authorization and Action workflows which are relatively straightforward (especially when you use PowerShell!).  Until recently I’ve respected that AuthN workflows were mostly there to enable FIM’s Self-Service Password Reset functionality, and marveled at Jeremy and Ikrima when they demonstrated custom AuthN WF solutions at TEC (RIP TEC BTW, so sad). 

Recently I’ve been lucky enough to have an opportunity to do some prototyping work for a design I’m working on, and the thing I have to prove is that AuthN workflows in FIM can handle the manner in which I plan to abuse them.  This prototyping has been a ton of fun because AuthN workflows are SO different than the other workflow types but are still hosted and managed by FIM.  The fall-back would be to use a custom service with a backing store, which I really prefer to avoid because it introduces more moving parts which then have to be automated, tested and managed.  So the added complexity of AuthN WF can be justified.

Over the coming weeks I expect to post more about this, including the PowerShell scripts I’ve been using to automate the setup and testing of the prototype.  

Thursday, December 20, 2012

Downloading Files from TFS

There are many ways to deploy FIM, but I always try to start deployments from files that are version controlled by TFS.  Once you’ve stored your deployment scripts in TFS, you need to get them onto the FIM computer.  I typically do this by copying files, but have been thinking of trying a different approach – taking the files directly from TFS.

Turns out you don’t need Visual Studio installed to get files from TFS version control, just a single DLL.  With this approach you can have a small script on the server download the file from TFS directly onto the FIM computer.

Here’s the script snippet showing how to do it:


### I got this file from: C:\Program Files (x86)\Microsoft Visual Studio 11.0\Common7\IDE\ReferenceAssemblies\v2.0
### NOTE: Visual Studio does not need to be installed where this runs...
add-type -Path C:\TFSTest\Microsoft.TeamFoundation.VersionControl.Client.dll

### Connect to TFS Version Control
$TFS = [Microsoft.TeamFoundation.Client.TeamFoundationServerFactory]::GetServer('http://myTfsServer:8080/tfs/FIM')
$VersionControlServer = $TFS.GetService([Microsoft.TeamFoundation.VersionControl.Client.VersionControlServer])

### Get an item from Source Control and download it
$TfsItem = $VersionControlServer.GetItem('$/MyFimProject/DeploymentScripts/DeployFimConfig.ps1')

### The local destination path is an assumption; point it wherever the script should land
$TfsItem.DownloadFile('C:\TFSTest\DeployFimConfig.ps1')

Wednesday, December 12, 2012

Compliance Doesn’t Have to be Costly or Complex

A few years ago when I joined Edgile I was enticed by a number of positive attributes about the company but one of them was simply that there were multiple businesses.  FIM deployments represent a healthy business for Edgile (that’s where I play) but another budding gem is the iGRC business.  The folks running that program are heavily experienced in GRC and have produced a great product that is already well received by its customers.  As it turns out the businesses are sometimes complementary, but they do not depend on each other at all.  As an employee it’s a neat opportunity to get to work on a different product, but the demand for FIM isn’t such that I’ll be making a change anytime soon!

Tuesday, December 11, 2012

Dell's acquisitions not yet paying dividends

Still waiting for official news about the TEC conference, but the rumours are not promising.  In the interim it appears Dell's acquisitions are not yet paying dividends which I’m not surprised or upset by.  My secret wish is that Dell continues to pick up Systems Integration firms so the one that I own stock in gets a big bump!  My other secret wish was that Dell would continue the TEC conference…

Wednesday, December 05, 2012

ISmsServiceProvider.SendSms Method

OK, I’m an MSDN troll, I’m always looking in there for new toys.  Found this one a little while ago but haven’t had time to work with it:

ISmsServiceProvider.SendSms Method (Microsoft.IdentityManagement.SmsServiceProvider)

The pages appear to be generated from the assemblies, so they have no real human explanations for what this class does or how to use it.  I expect we’ll see more detail as the doc team catches up with R2.

It is only worth talking about right now because of the recent Phone Factor acquisition by Microsoft, and the fact that I need to implement some SMS functionality in an upcoming project.  Hopefully by then I’ll have more to share than just an MSDN page for a class in FIM 2010 R2 I haven’t used yet!