.png)
Notification Service
Introduction
The Notification Service describes the content of Notifications through the configuration of NotificationDefinition and NotificationTemplate. Those include content that can be localized and that may be included in the notifications sent to end users. The notification content can also include reference to some of the notification event payload which includes various information.
Notification templates use Pebble as a templating engine. All functionalities available in Pebble can be used in Notification Templates. See Pebble documentation for further details. Some custom functions and filters, specific to Memortiy, are also available.
Pebble Functions
i18n function
Usage
key argument (String, mandatory)
The i18n key to translate.
params argument (Map or List, optional)
The i18n parameters. May be a List if the template only uses "positional" parameters ({0},...)
timezone argument (String, optional)
Must be a valid zone ID. Locally overrides the time zone for date/time formats (see below)
Examples
|
Note: Standard Pebble mechanisms are available, eg. variables may be used everywhere.
Fallbacking
Returns null if the i18n key does not exist
CODE{{object.enabledUntil | date("FULL",timezone="EET")}}If the key exists:
Determine the closest configured locale using the
LocaleResolutionClientIf a translation is available for this locale, use it
Otherwise, fall back the the default locale (as returned by the
LocaleResolutionClient)If there is no translation for the default locale either, return null
ISO8601 input
In addition to Date objects, the date and time formatters also accept ISO8601-formatted strings.
Timezone determination
The timezone is determined with the following precedence:
the
timezoneargumentthe
_timezonevariableif both are null/not set, fall back to "UTC"
Escaping
The translated message is returned as a SafeString, thus bypassing Pebble's auto escaping. However, if auto escaping is enabled, template arguments are escaped after formatting according to the default escaping strategy. This allows to use HTML tags in translation templates, while preserving safety regarding potentially untrusted arguments.
MessageFormat implementation
This uses ICU's MessageFormat implementation, which should be roughly compatible with frontend's messageformat.js. From messageformat.js website :
The ICU has an official guide for the format. Messageformat supports and extends all parts of the standard, with the exception of the deprecated ChoiceFormat.
featureUrl function
Usage
Builds an URL to access a Feature (and subFeature). Using specific objectId and query parameters can be mentionned.
String argument (featureId)
the feature Id.
Object argument (objectId)
the Managed Object Id.
Optional - String argument (subFeatureId)
the sub feature Id.
Optional - Map argument (query)
a Map containing request parameters.
Example
|
Workflow url functions
workflowUserTaskUrl function
Usage
Builds an URL to access a workfow user task to approve
String argument (userTaskId)
the user task id
workflowSecondaryCandidateUrl function
Usage
Builds an URL to access a workfow user task secondary candidate
String argument (userTaskId)
the user task id
workflowAdminUrl function
Usage
Builds an URL to access a workfow in the admin panel
String argument (userTaskId)
the user task id
workflowAboutMeUrlfunction
Usage
Builds an URL to access a workfow “about me” request
String argument (businessKeyType)
the business key type:
FEATURE_EXECUTIONROLE_ASSIGNMENT_OPERATION_EXECUTION
String argument (businessKeyValue)
The business key value (feature execution id or role assignment operation execution id)
String argument (rootProcessInstanceId)
The root process instance id
Example
|
workflowSubmittedByMeUrlfunction
Usage
Builds an URL to access a workfow “submitted by me” request
String argument (businessKeyType)
the business key type:
FEATURE_EXECUTIONROLE_ASSIGNMENT_OPERATION_EXECUTION
String argument (businessKeyValue)
The business key value (feature execution id or role assignment operation execution id)
String argument (rootProcessInstanceId)
The root process instance id
Example
|
objectForI18n function
Usage
Builds a new object with attribute names prefixed by 'object__', to comply with the object i18n conventions.
Object argument (object)
the Citadel Managed Object to work on.
Example
|
asset function
Usage
asset function generates the content for the src attribute of an <img> tag.
This function simplifies the process of embedding assets within your HTML content by dynamically creating the appropriate src value based on the provided arguments.
id argument (String, mandatory)
The unique identifier of the asset to be added to the notification. This id should correspond to an existing asset id.
mode argument (String, mandatory)
Specifies the format in which the asset is to be included in the notification.
Acceptable values are:
BASE64: Embeds the asset directly within the notification usingbase64encoding.CID: Links the asset using a content ID (CID), which references the asset in the notification.
Example:
|
Example Usage in html template:
For asset id primaryLogo and CID attachement mode.
|
Fallbacking
If the specified asset exists, it will be added to the notification according to the specified mode.
If the asset does not exist, the notification will still be sent, but without the asset.
Notes
BASE64mode is not compatible with Outlook. If you are targeting recipients using Outlook, consider using theCIDmode.Ensure that the asset
idprovided is correct and that the asset exists in the system to avoid notifications being sent without the intended asset.
Pebble Filters
date filter
Enhancement of the built-in filter with the following niceties:
Accept ISO8601-formatted strings in addition to
Dateobjects when no format is specifiedUse ICU's
SimpleDateFormat, for coherence with the i18n functionAdditional
timezoneargument. Timezone is determined the same way as in the i18n function
See Pebble documentation for further details.
Example
|
Result is : Thursday, November 19, 2020
time filter
Works as date filter, but to format times:
Accept ISO8601-formatted strings in addition to
Instantobjects when no format is specifiedUse ICU's
SimpleDateFormat, for coherence with the i18n functionAdditional
timezoneargument. Timezone is determined the same way as in the i18n function
Example
|
Result is : 4:28:00 PM GMT+02:00
objectToString filter
Usage
Uses an IM object as translation parameters for a given key, prefixing them with object__, as objectForI18n would do. If no translation key is specified, it will use the standard "excerpt" key.
Internally, it calls the i18n function, so everything regarding escaping, timezone, etc. applies.
key argument
The translation key to use. If null or empty, fall back to ui.model.<object kind>.{{object type.excerpt.
timezone argument
Overrides the timezone to use when formatting dates. See i18n function.
Example
|
Notification Actors
Multiple events need to be sent by Memority at different times to different actors.
An actor is identified by its role, which is determined by the context at the time of the notification.
The list of well known actors roles are:
subject: the identity that is authenticated when sending the notification, may not be the requester (for example, the BUM service may authenticate on the IDM to perform an operation on behalf of an actual person, which will be the requester - see below)
requester: the original subject which is responsible for the notification event.
identity: the identity that is the target of an operation that triggers the notification.
system: the system user, which is a service local "user" representation present for technical needs.
The system actor is, with Memority, always available in the notification event. Its properties are constructed from the settings in the IDM and BUM under idm.system.user.* and bum.system.user.* respectively. Defaults should be updated.
Notification Variables
Those are properties that are accessed directly from the Pebble template. Which variables are available depend on the Notification Event Type.
actors variable
Contains the actors, information, organized by Role. Because there can be multiple actors with the same roles, there a list of actors for each role.
An Actor is not an Object. It provides only a simple set of information, and sometimes an actor may not even correspond to a Memority identity. Their purpose is to provide just enough information to identify the person and its contact information (to send him/her the notification).
The properties available for an Actor are:
role
name
uid
email
phone (may be null)
language (may be null)
Example
Hello!, Your manager {{ actors['requester'][0].name }} has requested a Role for you: |
base_URL_USR variable
Contains the Settings value for the key portal.usr.base-url
Example
<a href="{{base_URL_USR}}/myAppsFeatureID">myAppsFeatureID1</a> |
Result is : myAppsFeatureID1
==> with target http://usr.memority.fr/default/myAppsFeatureID
base_URL_ADM variable
Contains the Settings value for the key portal.adm.base-url
Example
<a href="{{base_URL_ADM}}/myAppsFeatureID">myAppsFeatureID1</a> |
Result is : myAppsFeatureID1
==> with target http://adm.memority.fr/default/myAppsFeatureID
OBJECT variable
Contains the current Object, for example the identity
Example
{{OBJECT.firstName}} |
Result is : John
ORIGINAL_OBJECT variable
Contains the current Object, for example the identity, before updates
Example
{{ORIGINAL_OBJECT.firstName}} |
Result is : Jhon
VARS variable
Contains the variables for the current workflow
Example
{{VARS.shouldSkip}} |
Result is : false
overriddenDestination variable
Contains destination when it is overridden in particular cases (myMFA enrollment request, reset password)
Example
{{overriddenDestination}} |
Result is : email@myhost.example
Others variables for Notification payload
Contains the variables for the specific Notification Event Type
Example
Your password will be expired in {{days}} days |
Result is : Your password will be expired in 3 days
Combining i18n and templating
An i18n value containing templating can be reused in a Notification Template to be amended.
Example of i18n key : ui.model.attributes.b2bDateContractValidity
|
Example of Notification Template
|
Result sent in email
|
Notification Type Events
Below the list of notification types which correspond to a specific business use case in the system :
Notification event type | Location | Actors | Payload contains ... | Context | Description |
|---|---|---|---|---|---|
CITADEL_IDENTITY | IDM | senders
recipients
| The identity object. Variables:
| TODO | TODO |
CITADEL_IDENTITY_CREATION | IDM | senders
recipients
| The newly created identity object Variables:
| Business Policy on CREATE event (in actions) | When a new identity is created |
CITADEL_IDENTITY_PATCH | IDM | senders
recipients
| The patched identity object Variables:
| Business Policy on PATCH event (in actions) | When an identity is patched |
CITADEL_IDENTITY_DELETE | IDM | senders
recipients
| The deleted identity object Variables:
| Business Policy on DELETE event (in actions) | When an identity is deleted |
CITADEL_ORGANIZATION_CREATION | IDM | senders
recipients
| The newly created organization object Variables:
| Business Policy on CREATE event (in actions) | When a new organization is created |
CITADEL_ORGANIZATION_PATCH | IDM | senders
recipients
| The patched organization object Variables:
| Business Policy on PATCH event (in actions) | When an organization is patched |
CITADEL_ORGANIZATION_DELETE | IDM | senders
recipients
| The deleted organization object Variables:
| Business Policy on DELETE event (in actions) | When an organization is deleted |
CITADEL_RESOURCE_CREATION | IDM | senders
recipients
| The newly created resource object Variables:
| Business Policy on CREATE event (in actions) | When a new resource is created |
CITADEL_RESOURCE_PATCH | IDM | senders
recipients
| The patched resource object Variables:
| Business Policy on PATCH event (in actions) | When an resource is patched |
CITADEL_RESOURCE_DELETE | IDM | senders
recipients
| The deleted resource object Variables:
| Business Policy on DELETE event (in actions) | When an resource is deleted |
CITADEL_ROLE_CREATION | IDM | senders
recipients
| The newly created role object Variables:
| Business Policy on CREATE event (in actions) | When a new role is created |
CITADEL_ROLE_PATCH | IDM | senders
recipients
| The patched role object Variables:
| Business Policy on PATCH event (in actions) | When an role is patched |
CITADEL_ROLE_DELETE | IDM | senders
recipients
| The deleted role object Variables:
| Business Policy on DELETE event (in actions) | When an role is deleted |
CITADEL_INWEBO_DEVICE_ENROLLMENT_LINK | BUM | senders
recipients
| Variables:
|
| When an enrollment link need to be sent to the identity |
CITADEL_INWEBO_UNLOCK_PIN_CREATION | BUM | senders
recipients
| Variables:
|
| When a myMFA device unlock request has been generated (with unlock pin generation) |
CITADEL_PASSWORD_EXPIRATION_ALERT | IDM | senders
recipients
| Variables:
|
| When the identity password is about to expire |
CITADEL_PASSWORD_SET | IDM | senders
recipients
| Variables:
| When a | Note: only used on auto-generation. If you want send a notification when the password is set externally, you can either:
|
CITADEL_PASSWORD_RECOVERY | IDM | senders
recipients
| Variables:
| ||
CITADEL_PASSWORD_UNSET | IDM | senders
recipients
| Variables:
| ||
CITADEL_PASSWORD_CHANGED | IDM | senders
recipients
| |||
CITADEL_PUBLIC_ACCESS_SUCCESS | BUM | senders
recipients
| A link for a token access on the USR portal Variables:
| When a Public Access succeeds, it sends the configured notifications using this type. | When a user identifies himself on a public page |
CITADEL_PUBLIC_ACCESS_FAILURE | BUM | senders
recipients
| A link for a token access on the USR portal Variables:
| When a Public Access fails, it sends the configured notifications using this type. | When a user fails to identify himself on a public page (user doesn't exist or bad credentials) |
CITADEL_RESET_PASSWORD | BUM | senders
recipients
| The new password Variables:
| When a | When a password is reset |
CITADEL_RESET_PASSWORD_LINK | BUM | senders
recipients
| An access link to the USR portal for changing the user password Variables:
| When a | When a reset password link is requested. |
CITADEL_ACCESS_CODE_CREATION | BUM | senders
recipients
| An access link to the USR portal Variables:
| When an | When a new access code is sent by a groovy script |
CITADEL_AUTH_METHOD_ACTIVATED | IDM | senders
recipients
| The identity object Variables:
| When password authentication method is activated (automatically or through an action) => status is transitioned to ENABLED | ONLY IF NO PASSWORD HAS BEEN GENERATED, OTHERWISE SEE "CITADEL_PASSWORD_SET" |
CITADEL_AUTH_METHOD_DEACTIVATED | IDM | senders
recipients
| The identity object Variables:
| When password authentication method is deactivated (automatically or through an action) => status is transitioned to DISABLED | |
CITADEL_FEATURE_EXECUTION | BUM | senders
recipients
| Variables:
| Feature actions | When sending a notification through a Feature Operation Action |
CITADEL_ROLE_PUBLICATION_CREATION | BUM | senders
recipients
| Variables:
| ||
CITADEL_ROLE_PUBLICATION_PATCH | BUM | senders
recipients
| Variables:
| ||
CITADEL_ROLE_PUBLICATION_DELETE | BUM | senders
recipients
| Variables:
| ||
CITADEL_WORKFLOW_USER_TASK__ROLE_ASSIGNMENT_OPERATION_EXECUTION | BUM | senders
recipients
| Variables:
| Optional variables:
| |
CITADEL_ROLE_ASSIGNMENT_MANUAL_PROVISIONING_POLICY_CANCEL_OPERATION_EXECUTION | BUM | senders
recipients
| Variables:
| ||
CITADEL_WORKFLOW_USER_TASK__FEATURE_EXECUTION | BUM | senders
recipients
| Variables:
| Optional variables:
| |
DOMINO_SYNC_REPORT_PUBLICATION | SYNC | senders
recipients
| Variables:
Additionally, if a threshold is exceeded during a synchronization operation, the following variables are available:
| ||
DOMINO_PROV_REPORT_PUBLICATION | SYNC | senders
recipients
| Variables:
| ||
DOMINO_ACCOUNT_DISCOVERY_REPORT_PUBLICATION | SYNC | senders
recipients
| Variables:
|
Identity link types
Possible values for identity link types are :
assignee
candidate