Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Next revision 		Previous revision
Next revision Both sides next revision
tutorial:adm:modules_crt_lrt_notification [2018/02/19 22:30]
poulm 		tutorial:adm:modules_crt_lrt_notification [2019/11/07 14:12]
doischert
Line 1: Line 1:
 +====== Modules - Certificates: - Scheduled tasks and notifications ======
  
 +In this tutorial, we will create a new scheduled task. This scheduled task will send a notification a few days before a certificate expires.
 +
 +===== What do you need before you start =====
 +  * You need to have **CzechIdM 7.7.0** (and higher) installed.
 +  * You need to be logged in as **admin** (or a user with superAdminRole).
 +  * You need to enable the **Certificate** module.
 +
 +===== Create scheduled task =====
 +In the left menu, select **Settings** and then **Task scheduler**. And click on **Add** button.
 +
 +{{ :tutorial:adm:ca_lrt_01.png |}}
 +
 +In the popup window select **CertificateExpirationWarningOwnerTaskExecutor** and fill in how many days before a certificate expires you want to receive the notification, in our tutorial it is 3. (There is another scheduled task **CertificateExpirationWarningAdminTaskExecutor**, which is similar to this one, the only difference is that the notification is sent to users with a role defined in scheduled task.)
 +
 +{{ :tutorial:adm:ca_lrt_02.png |}}
 +
 +As you can see in the following picture, there is now new scheduled task with a parameter of 3 **days before**. In column **Action** there is a green button "play" and by clicking on it, the scheduled task will start. (If you want to start this task automatically, look in tutorial about [[tutorial:adm:create_and_configure_trigger|triggers]].)
 +
 +{{ :tutorial:adm:ca_lrt_03.png |}}
 +
 +Scheduled task will send a notification to the owner of the certificate when certificate would expire in 3 days.
 +
 +{{ :tutorial:adm:ca_lrt_04.png |}}
 +
 +Congratulations, now your certificates will never expire.
 +
 +===== Notification configuration =====
 +In this part of tutorial, there are mentioned a few certificate notifications, which can be easily configured.
 +The configuration of these notifications is in the left menu **Settings**->**Configuration**.
 +
 +Configured notification topics (email by default):
 +  * **certificateExpiredOwner** - When a certificate is expired, notification is sent to certificate owner. 
 +    * Can be disabled by property ''idm.sec.crt.processor.certificate-expired-notification-owner-processor.enabled=false''.
 +  * **certificateExpiredAdmin** - When a certificate is expired, notification is sent to certificate admin. 
 +    * Certificate admins are identities with role configured by property ''idm.sec.crt.processor.certificate-expired-notification-admin-processor.adminRole''. When no identity is found, then notification isn't sent. 
 +    * Can be disabled by property ''idm.sec.crt.processor.certificate-expired-notification-admin-processor.enabled=false''.
 +  * **certificateRevokedOwner** - When a certificate is revoked, notification is sent to certificate owner.
 +    * Can be disabled by property ''idm.sec.crt.processor.certificate-revoked-notification-owner-processor.enabled=false''.
 +  * **certificateRevokedAdmin** - When a certificate is revoked, notification is sent to certificate admin. 
 +    * Certificate admins are identities with role configured by property ''idm.sec.crt.processor.certificate-revoked-notification-admin-processor.adminRole''. When no identity is found, then notification isn't sent. 
 +    * Can be disabled by property ''idm.sec.crt.processor.certificate-revoked-notification-admin-processor.enabled=false''.
 +  * **certificateCreatedOwner** - When a certificate is created, notification is sent to certificate owner.
 +    * Can be disabled by property ''idm.sec.crt.processor.certificate-created-notification-owner-processor.enabled=false''.
 +  * **certificateCreatedAdmin** - When a certificate is created, notification is sent to certificate admin. 
 +    * Certificate admins are identities with role configured by property ''idm.sec.crt.processor.certificate-created-notification-admin-processor.adminRole''. When no identity is found, then notification isn't sent. 
 +    * Can be disabled by property ''idm.sec.crt.processor.certificate-created-notification-admin-processor.enabled=false''.
 +  * **requestApproved** - When a certificate request is approved, notification is sent to certificate owner.
 +  * **requestDisapproved** - When a certificate request is disapproved, notification is sent to certificate owner.
 +  * **certificateCreatedPasswordOwner** - notification with new password generates or filled during creating certificate.
 +
 +Each topic has a template with the same name with ''Crt'' prefix in module resources.
  • by cem