The Forefront Identity Manager Certificate Management (FIM CM) Notification interface is an extensibility mechanism for developing applications that respond to events generated in FIM CM. The FIM CM Notification interface provides a simple and powerful programming framework that enables you to quickly create and deploy notification applications with minimal effort to integrate them with FIM CM.
Usage Scenarios
The following scenarios provide examples of how you can use the FIM CM Notification API.
- Send notification to a distribution group in addition to a user or a manager when one-time passwords are created and a request has been approved.
- Integrate notification with a physical access system. This is useful in order to signal when a FIM CM-managed smart card has been disabled and likely must be deactivated in the physical access system. Alternatively, you can signal when a smart card has been successfully enrolled in FIM CM for physical access activation.
- Send notification to a user’s mobile phone about the availability of a one-time password that will help unblock a smart card. This is in addition to notifying a regular e-mail account.
- Update a custom audit system of certificate issuance, renewal, and revocation events performed by FIM CM.
Extending FIM CM with Notification Subscriptions
The FIM CM Notification programming framework is defined in .NET Framework interfaces.
Notifications are a rich set of synchronous events raised in real time that can be used as triggers to perform custom processing that extends FIM CM functionality.
Notifications reflect the preferences of the subscriber, which is a user-defined DLL (notification handler) that listens to an event fired by FIM CM. You define the mapping between the event fired and the subscriber in the web.config file. A notification handler is implemented in code by using the INotificationSink interface. The notification handler creates a subscription to express an interest in the event. Examples of subscriptions include "notify me when the one-time passwords have been generated for a request" or "notify me when the smart card enrollment process has completed."
A notification is generated and sent to the notification handler as soon as a triggering event occurs. This is performed synchronously as part of FIM CM server processing, which means that while the event handler is executing, FIM CM server processing waits for it to finish. Notifications are one-way: FIM CM alerts the notification handler at the time of the event, but the notification handler’s processing does not send data back to the FIM CM server or affect its continued processing.
All notification events map to FIM CM server processing and can only be generated by the FIM CM server.
Once notification messages are sent to the notification handler, the notification handler decides how to process that event. For example, handlers can relay the messages to other parties such as the following:
- Recipients other than the subscriber, originator, or subscriber’s manager. For example, the notification can be sent to a distribution list that contains all users who could perform a Web server renewal request.
- A wide variety of devices. Rather than just sending e-mail messages, messages can be sent to cell phones or other devices.
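Because FIM CM server processing waits while a handler runs, a handler that relays to mail, SMS or an audit system should return quickly and do the slow work elsewhere. The following C# sketch is an added example, not code from FIM CM or its documentation: the interface declared in it is a stand-in with assumed member names and an assumed string payload, and `QueuedAuditSink` and `Relay` are hypothetical names.

```csharp
using System;
using System.Collections.Concurrent;
using System.Threading;

// Stand-in for the FIM CM interface so the sketch compiles alone; the member
// names and the string payload are assumptions, not the documented signature.
public interface INotificationSink
{
    void Initialize(string data);
    void Notify(string eventDescription);
}

// Hypothetical handler: the synchronous Notify call only enqueues, and a
// background thread performs the slow relay (mail, SMS, audit system).
public sealed class QueuedAuditSink : INotificationSink, IDisposable
{
    private readonly BlockingCollection<string> _queue =
        new BlockingCollection<string>(boundedCapacity: 1000);
    private Thread _worker;
    private long _dropped;

    // Number of events lost because the queue was full; monitor this value.
    public long Dropped => Interlocked.Read(ref _dropped);

    public void Initialize(string data)
    {
        _worker = new Thread(Drain) { IsBackground = true, Name = "audit-relay" };
        _worker.Start();
    }

    // Called while FIM CM server processing waits: never block here.
    public void Notify(string eventDescription)
    {
        if (!_queue.TryAdd(eventDescription))       // returns immediately
            Interlocked.Increment(ref _dropped);    // queue full: record the loss
    }

    private void Drain()
    {
        foreach (string item in _queue.GetConsumingEnumerable())
        {
            try { Relay(item); }
            catch (Exception ex) { Console.Error.WriteLine("relay failed: " + ex.Message); }
        }
    }

    // Placeholder relay target; replace with the real downstream call.
    private static void Relay(string item) =>
        Console.WriteLine(DateTime.UtcNow.ToString("o") + " " + item);

    public void Dispose()
    {
        _queue.CompleteAdding();
        _worker?.Join(TimeSpan.FromSeconds(5));
    }
}
```

For an audit use case, alert on a non-zero `Dropped` count, since each increment is a certificate event that never reached the downstream system.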
Advantages of Using Notifications
You can take advantage of notifications to perform the following actions:
- Perform custom actions that are not available in the base FIM CM system. You can extend FIM CM functionality to perform actions specific to your environment and deployment needs.
- Tie your FIM CM processing to the details of business needs and environment requirements.
- Interact with systems that are not supported by standard FIM CM processing, such as a physical access control system.
- Provide notifications for mobile users over a wide variety of devices.