This topic covers the Forefront Identity Manager Certificate Management (FIM CM) ICustomItemValidator2 Customization Interface, including usage scenarios, sample code, and links to related technologies.

Keywords

Data item, validation.

Background

FIM CM request workflows can be configured to collect additional user information. This additional data can be configured to be provided by end-users or by administrators. This is configured as part of the Data Collection section of each FIM CM policy.

FIM CM's Data Collection policy can also be configured to require validation of the collected data. A number of built-in mechanisms exist for data validation. Developers can also provide custom validation of smart card data items by developing .NET assembly DLLs that implement the ICustomItemValidator2 interface.

Developers may wish to provide custom data validation in a number of scenarios, such as the following:

Enhanced User Identity Assurance

Tailspin Toys wants to provide a higher level of assurance for users who use the self-service certificate management policies by validating additional information about the user. They have configured a data collection section to include the employee's last paycheck balance and configured a custom data validator. The employee's pay is private information specific to each user, and it is stored in the HR database. During the request execution, their custom data item validator will validate the supplied user data against the HR system.

Email Address Validation

City Power & Light would like to include an alternate email address as part of the enrollment process that it may use during other management operations. They have configured a data collection for the enrollment policy with their custom validator. To ensure that users provide the email address in the correct format, they have implemented a custom validator that will verify the email string and ensure it is in the expected format.

Custom Card Unblock Data

Contoso Pharmaceuticals has collected a number of question-and-answer pairs for each user during their standard user enrollment. They are planning to use the self-service smart card unblock workflow, and to further validate the user, they will require the user to provide the answer to their questions. They have configured data collection with their custom validator for the smart card unblock policy. In their implementation of the validator, they will look up the user’s answer in their provision database to ensure it matches the previously collected information.

To extend the built-in functionality of FIM CM's data item validation, developers should create a .NET assembly DLL that implements the ICustomItemValidator2 interface.
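The format check from the Email Address Validation scenario above could be written as the following C# helper, which a custom validator's implementation would call with the collected value. This is an added example, not Microsoft's sample code: the class and method names and the length limit are assumptions, and the ICustomItemValidator2 method signature is not shown on this page, so it is not reproduced here.

```csharp
using System;
using System.Net.Mail;

// Added example. AlternateEmailCheck and Validate are hypothetical names.
public static class AlternateEmailCheck
{
    private const int MaxLength = 254; // assumed upper bound for a stored address

    // Returns null when the value is acceptable, otherwise the reason it was rejected.
    public static string Validate(string value)
    {
        if (value == null) return "No value supplied.";
        string s = value.Trim();
        if (s.Length == 0) return "No value supplied.";
        if (s.Length > MaxLength) return "Address is too long.";
        foreach (char c in s)
        {
            // CR/LF and other control characters must never reach code that
            // later builds mail headers from this value.
            if (char.IsControl(c) || char.IsWhiteSpace(c))
                return "Address contains whitespace or control characters.";
        }
        int at = s.IndexOf('@');
        if (at <= 0 || at != s.LastIndexOf('@') || at == s.Length - 1)
            return "Address must contain exactly one '@' with text on both sides.";
        string domain = s.Substring(at + 1);
        if (domain.IndexOf('.') < 0 || domain.StartsWith(".", StringComparison.Ordinal)
            || domain.EndsWith(".", StringComparison.Ordinal) || domain.Contains(".."))
            return "Domain part is not well formed.";
        try
        {
            // MailAddress also accepts display-name forms such as "Name <a@b.c>";
            // comparing the parsed address with the input keeps only bare addresses.
            MailAddress parsed = new MailAddress(s);
            if (!string.Equals(parsed.Address, s, StringComparison.OrdinalIgnoreCase))
                return "Only a bare address is accepted.";
        }
        catch (FormatException) { return "Address is not in a valid format."; }
        return null;
    }

    public static void Main()
    {
        // Constructed sample inputs.
        string[] samples = { "pat@example.com", "pat@example", "<pat@example.com>", "a@b.com\r\nBcc: x@example.net" };
        foreach (string sample in samples)
            Console.WriteLine("{0} -> {1}", sample.Replace("\r\n", "\\r\\n"), Validate(sample) ?? "accepted");
    }
}
```

The helper checks format only; it does not confirm that the mailbox exists or belongs to the requesting user.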

Creating Extension Assemblies
  1. First, you must include a reference to the assembly that contains the ICustomItemValidator2 interface. In Visual Studio.NET, create a new .NET DLL project. In the Solution Explorer, right-click References and select Add Reference…. Navigate to the location of the Microsoft.Clm.Common.dll assembly included with FIM CM, and click OK.

  2. Next, write and compile your assembly, using the information in this documentation. Test the assembly thoroughly.

  3. Once you have a working assembly, deploy it to the FIM CM server's c:\program files\microsoft forefront identity manager\certificate management\bin and c:\program files\microsoft forefront identity manager\certificate management\web\bin directories. Alternatively, the assembly can be deployed to the server's Global Assembly Cache (GAC).

  4. Configure FIM CM to begin calling into your assembly. For ICustomItemValidator2 extensions, this is done via the FIM CM administrative interface, for each policy, in the Data Collection section. For more information on configuring these items, see FIM Certificate Manager Technical Reference.

Microsoft.Clm Namespace

Technology Area | Class/Interface/Property
Custom Data Item Validation | ICustomItemValidator2

© 2007 Microsoft Corporation. All rights reserved.