The Identitry Blog About and around Microsoft products Forefront Identity Manager 2010 and ADFS

My former collegue and Biztalk MVP Alan Smith have posted the first in a series of webcasts about Workflow Foundation 4.0 that I believe will be the version we'll see in the final version of Forefront Identity Manager 2010.

Visit Alan's blog http://geekswithblogs.net/asmith/archive/2009/05/19/132272.aspx or go directly to http://bloggersguides.net/ where Alan publishes his webcasts and more...

...And there are a lot of news where these sounds most interesting to me:

• Pluggable provider model
• Support for SAML 2.0 SP-Lite
• Load Balancing
• Support for AD RMS
• SharePoint 2007 Support

I just wonder if SAML2 Idp Lite is supported out of the box now?

Check out the Geneva Team Blog for more info.

I got a comment from Joe Stepongzi today and he didn’t like my Normalize Diacritic Characters Activity that is a part of my Cortego ILM 2 Workflow Activity Library:

The use of the Normalize Diacritic Characters Activity is to normalize characters with different kinds of diacritics into pure characters or how I should define it? The main reason I've created this activity is that I'm from Sweden and must handle "ÅÄÖ" but I'm also working for a company that has a lot of employees in the eastern European countries and that is a nightmare when trying to create for example email addresses. This could be hard to understand for Britain’s and Americans since English is a language where diacritics are sparsely used and this wouldn't have been a problem if the Americans would have understood from the beginning there are other languages than English and a need for other standards than ASCII. Here are a couple of examples of what could be accomplished (I do hope your browser supports Unicode otherwise you'll probably see a lot of boxes):

• å –> a (Used in Scandinavian languages more)
• Å –> A (Capital å)
• Ӑ –> A (Cyrillic A with breve more)
• ѓ –> г (Cyrillic Gje more)
• Ё –> E (Cyrillic Yo more)
• ペ -> ヘ (Katakana and Hiragana (Japanese) letter He, note how the normalization removes the Handakuten.) 

As you see the activity is only normalizing diacritics by removing any Unicode spacing marks and this is how it works code wise using the System.Globalization namespace for normalization of diacritics:

First of all the input string is normalized into Form D that decomposes characters in this way:

• å –> a + Ring
• Ё –> E + Umlaut
• æ –> a + e (Used in Danish, Norwegian and old English more)
• 각 –>  ᄀ + ᅡ+ ᆨ (Hangul letter used in Korea)

Then all characters defined as Unicode spacing marks are removed and in the example above the ring and the dots (umlaut) are removed. Finally the remaining string is normalized into Form C, composing characters back, for example:

• a -> a (The ring is already removed)
• E -> E (The umlaut is already removed)
• a + e –> æ (Note: if the original input would have been “ae” it would not become “æ”)
• ᄀ + ᅡ + ᆨ –> 각

Normalizing a eastern European name like "Lāčkāja Lapiņš" would end up as "Lackaja Lapins" and a typical Swedish name like "Åsa Öberg" would end up as "Asa Oberg", a lot easier to handle for creating different kind of names and also widely accepted in the countries where diacritic characters are used.

As you can see, characters are not as Joe thought changed into multiple characters but he do have a point in that for example email addresses should be handled at the source and not in ILM2/FIM2010... But if you would like accounts and mailboxes to be automatically created from for example an HR system, one of the best practices of Identity Management... You might be forced to create the email addresses and other system names following your naming standards unless you trust your HR personnel having full control over all existing email addresses and names. It’s up to you to make sure input characters are valid but by using this activity you don’t have to worry about macrons, curls, dots, accents and so on but as you can see the 각 and æ characters is not changed or removed so they would still a be problem when creating email addresses.

A solution to make sure you get valid strings after normalization could be to use my Regex Replace Activity to remove or replace any remaining characters that isn’t valid in the context you’re using it. In order to get unique names or email addresses you could use my Unique Name Activity. Both these activities is contained in the Cortego ILM 2 Workflow Activity Library. The pattern "[^a-zA-Z0-9\s]" could be used in the Regex Replace Activity to find and remove or replace all characters that is not within a-z, A-Z, 0-9 and whitespace characters.  

If you would like to know more about Unicode Normalization this is a great guide: Unicode Normalization Forms. If you would like to know how different characters from different scripts including Cyrillic, Greek, Latin, Thai, Katakana, and so on are composed/decomposed you could have a look at these Normalization Charts. A description of different kinds of diacritics could be found at Diacritic - Wikipedia.

Finally, do you trust your HR personnel or do you have a Catbert at your company? 

The RegexReplaceActivity that is introduced in the Cortego ILM 2 Workflow Activity Library is using the Regex class of System.Text.RegularExpressions namespace and by using the Replacement parameter of the Replace function we could actually do some real cool stuff. The Replacement parameter of the Replace function is translated into the Replacement property of the RegexReplaceActivity and there is no requirement the Replacement parameter must contain a plain text, it could in fact contain a replacement pattern as well and here is an example taken from the MSDN - Regular Expressions Examples used to change the format of dates. Please notice it's just an example, you're the one that must know how actual values are formatted and I don't know if using the EmployeeEndDate attribute with this example is appropriate.

Replace dates of the form mm/dd/yy with dates of the form dd-mm-yy.

Input value (from Expression): 04/30/09 or 04/30/2009 (there's a 2 to 4 characters quantifier for year in the Regex Pattern)
RegEx Pattern: \b(?<month>\d{1,2})/(?<day>\d{1,2})/(?<year>\d{2,4})\b
Replacement: ${day}-${month}-${year} 

  

Output value (Destination expression): 30-04-09 or 30-04-2009 – isn’t that cooljQuery15207980085869857615_1318365216111?
What happens is that the input data is captured into variables that are then used to format a new value.

Realize what you could do with this, you could in fact simply extract parts from or format input data to what ever you like!
A good source for more info about regular Expressions is .NET Framework Regular Expressions.

I have been working with Joe Zamora by mail contact and this forum thread to try and find out how the EnumerateResourcesActivity that comes with ILM2 RC0 work and yesterday Joe managed to get it working with some additional help from Nima in the product team.

It is really great we have got some info about this activity and now know how it works since it could be used to find resources within ILM from workflows without having to use the WS client. My first use of this will be to extend my UniqueName Activity to be able to search the ILM DB for free names.

I've just attended a great webinar performed by Joe Zamora at Ensynch and the last question he got was what they were planning to release next but he was a little bit secret about it.

I thought I could tell you that I'm currently working on a big secret thing (it will be released to the public) but except for that I will add support for finding unique names against the ILM DB, and I miss functionality for handling multi-value attributes among the functions so there is going to be a split multi-value activity in order to get a single value from a multi value and there will be a update multi-value function, I'm not sure if the last one will be a stand alone activity yet it could as well be a part of the update value activity.

Edit: ...obviously everything will be released to public when ready for it!

So here's the new design of the blog, if I should be able to fulfill my promise to myselt to blog more a gotta stand the layout and with this new one I hope it lasts longer than the three weeks I had with the old one.

I've updated the .Net Blog Engine while I were at it and also added the cool Odiogo feature that creates MP3 podcasts from what I've written, I do hope it works good because I haven't been able to test it yet.

Enjoy! 

The Ensynch guys have posted their activity library and their branding definitely beats mine except they don't have a Cortego logo :-).
They've published the source code as well and I recommend everyone to have a look at it!

http://c--shark.blogspot.com/2009/04/source-code-posted.html