This topic includes a sample implementation of the ICustomItemValidator2 interface provided with Forefront Identity Manager Certificate Management (FIM CM). For more information on the requirements needed to develop an assembly implementing ICustomItemValidator2, see Introduction to ICustomItemValidator2.

Programming Model

To provide custom smart card initialization, you will need to create a class which implements the ICustomItemValidator2 interface, and implements its methods.

Object Lifetime

FIM CM instantiates objects of your custom class each time a validation is required. After that validation is complete, your object will not be reused for other validations.

Request Processing

The validation of data collection items can occur during multiple points in a request’s lifecycle. The validation timing depends on who is configured to provide the data and the type of request workflow configured for the policy. For example, if the data item to validate is configured to be provided by the end-user and the request workflow allows self-initiated requests, the data validation will occur after the end-user has provided the data items during request initiation.

If your custom validation class detects data that does not satisfy your custom validation rules, you need to signal the validation failure by throwing an exception of type ClmValidationException.

In your validation handler, you can use functionality from the Provision API to obtain more detailed information of the data being processed. Because you are running in the same process as FIM CM, you should disable .NET Remoting in these cases.

The request object passed to your validation object is an internal FIM CM object. You should not access that object directly as its methods and properties may change in the future. Instead, use that request object’s RequestUUID property to load the Provision API request object.


Contoso, Inc. has developed an assembly that implements ICustomItemValidator2 in order to validate custom data items contained on their employee smart cards

C#  Copy Code
using Microsoft.Clm;
using Microsoft.Clm.Common;
using Microsoft.Clm.Common.Requests;
using Microsoft.Clm.Provision;
using Microsoft.Clm.Shared;
using System;

namespace Contoso.Clm.Interfaces
	 public class CustomDataItemValidator: ICustomItemValidator2, IDisposable
		 public CustomDataItemValidator()
				 // TODO: Perform custom class initialization

		 public void Dispose()

		 public void VerifyDataItem(string dataItemName,
									object dataItemValue,
									string strCurrentUser,
									string xml,
									Request request)
				//Communicate that this function was called. 
				System.Diagnostics.Trace.WriteLine("CustomDataItemValidator. VerifyDataItem was called "); 

				//load details for the request
				Request requestDetails =			FindOperations.GetRequest(request.RequestUUID);

				//communicate some request details
				System.Diagnostics.Debug.Write("Request Type: " +				requestDetails.RequestType.ToString()); 
				System.Diagnostics.Debug.Write("Profile Template: " + requestDetails.ProfileTemplateUuid); 
				// TODO: Add custom data-item processing goes here


See Also