Customizing the global mail plugin
The following plugin programs, shipped with Bravura Security Fabric, can be used with the GLOBAL MAIL PLUGIN plugin point:
global-mail-plugin.py, which uses MAIL SEND METHOD to send an email or writes the email to file. It is enabled by default.
Caution: This plugin should only be changed under supervision from Bravura Security support. It is a base product script, and patches install the base version of the script, so any changes add technical debt: they must be re-added after any patches are applied.
plugin-email-domino.exe, which sends mail via a Lotus Notes / Domino mail system.
Execution points
This plugin is run by the idwfm service and by the psupdate and iddiscover programs. The plugin must be located in the \<instance>\plugin\ directory on the Bravura Security Fabric server.
Input
The following is an example of input sent to the plugin:
    "" "" = {
      "content" = "\nouadmin,\n \n A request for account resources has been received, and is pending\nyour approval.\n\n\n\n\nTo accept, update, or deny the requested resources, please click on\nthe following link:\n\n --> http://w2k3archive2/51-5142/?LANG=en-us&userid=ouadmin&BATCH=2064&JUMPTOCGI=IDP\n\nAlternatively, visit\n\n --> http://w2k3archive2/51-5142/?LANG=en-us\n\nLog in, click the link for 'Authorize requests', and\nenter batch ID 2064.\n\n\n\nThis request's details:\n\n Batch ID: 2064\n Request Created at: \n Requested By: test_request\n Through delegate: \n Requested User ID: test_recipient\n\n\n Other Attributes:\n \n\n \n \n View managed password requests\n\n\n AD, 7777\n\n\n\n \n\n Requester Notes:\n \n\n Reasons:\n \n\n\n\n-- Identify Manager.\n\n\n-----------------------------------------------------------------\n\n"
        # The body of the message
      "fromemail" = "idmsuite_replies@YourEmailDomain.com"
        # The value of SENDER EMAIL.
      "fromname" = "ID Management Suite"
        # This is always ID Management Suite, and is not configurable.
      "frompass" = "mypass123"
        # The value of SENDER PASSWORD.
      "lockdir" = "E:\\Program Files\\Bravura Security\\Bravura Security Fabric\\Locks\\"
        # The lock file directory.
      "maildir" = "E:\\Program Files\\Bravura Security\\Bravura Security Fabric\\Logs\\default\\mail"
        # The value of GLOBAL MAIL PLUGIN MAILDIR
      "mailheader" = "From: $FROMNAME$ <$FROMEMAIL$>\nTo: $TONAME$ <$TOEMAIL$>\nSubject: $SUBJECT$\n\n$CONTENT$\n\n"
      "mailserver" = "smtp.example.local"
        # The value of MAIL SERVER.
      "mailserverport" = "25"
        # The value of MAIL SERVER PORT.
      "primaryID" = "ouadmin"
        # The profile ID of the primary authorizer,
        # in case this is a delegated email.
      "profileID" = "ouadmin"
        # The profile ID of the user receiving the mail.
      "subject" = "Access access request needs authorization"
        # The subject of the email.
      "toemail" = "ouadmin@"
        # The email address to which the message is sent.
        # If global mail plugin is run by psupdate or loaddb, this is the value
        # of RECIPIENT EMAIL.
      "toname" = "ouadmin"
        # The full name of the recipient of the email message.
      "content-type" = "1"
        # Indicate the content type of the email, 1 = HTML
      "triggeringEvent" = "EVENT_AUTH_EMAIL_INITIAL"
        # The idwfm event that is triggering the mail.
      "request" "" = {
        # Standard request data.
      }
      "extraHeaders" "" = {
        "In-Reply-To" = "<request ID>"
        "References" = "<request ID>"
        "X-Hitachi-ID-purposeTag" = "EM_WORKFLOW_REQ_INITIAL_AUTHORIZER_NEEDAUTH_CONTENT_PRIMARY"
      }
        # Provide extra email headers
    }
Request data is optional. It is empty if not supplied. The input can be used to change how email is sent based on the situation; for example, only sending email if certain request information is included.
Output
This plugin returns a success or failure message, using the errmsg key.
For example, the output for a successful email is:
    "" "" = {
      "errmsg" = "success "
      "retval" = "0"
    }
The output for a failed email would be:
    "" "" = {
      "errmsg" = "There was a problem because ..."
      "retval" = "1"
    }
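The following is an added example, not Bravura Security code: it shows how a customized plugin could expand the mailheader template from the input above while refusing line breaks in header fields, keep frompass out of logs, and return the errmsg/retval pair described under Output. It assumes the input has already been parsed into a Python dict; the function names and the send callable are hypothetical.

```python
import re

TOKEN = re.compile(r"\$([A-Z]+)\$")   # $FROMNAME$, $SUBJECT$, $CONTENT$, ...
BREAK = re.compile(r"[\r\n]")

def redact(inp):
    """Copy of the plugin input that is safe to log (frompass = SENDER PASSWORD)."""
    return {k: ("***" if k == "frompass" and v else v) for k, v in inp.items()}

def _expand(text, inp, header):
    def sub(m):
        value = inp.get(m.group(1).lower(), "")   # $TOEMAIL$ -> "toemail"
        if header and BREAK.search(value):
            raise ValueError("line break in header field " + m.group(1).lower())
        return value
    return TOKEN.sub(sub, text)        # single pass: values are never re-expanded

def render(inp):
    """Build the message from mailheader, refusing header injection."""
    head, sep, body = inp["mailheader"].partition("\n\n")
    head = _expand(head, inp, header=True)
    for name, value in inp.get("extraHeaders", {}).items():
        if not re.fullmatch(r"[A-Za-z0-9-]+", name) or BREAK.search(value):
            raise ValueError("unsafe extra header " + repr(name))
        head += "\n%s: %s" % (name, value)
    return head + sep + _expand(body, inp, header=False)

def run(inp, send):
    """Render and send; return the errmsg/retval pair described under Output."""
    try:
        send(render(inp))
    except Exception as exc:           # render() errors name the field, not its value
        return {"errmsg": "There was a problem because " + str(exc), "retval": "1"}
    return {"errmsg": "success", "retval": "0"}

# Constructed sample input, trimmed from the example on this page.
SAMPLE = {
    "mailheader": "From: $FROMNAME$ <$FROMEMAIL$>\nTo: $TONAME$ <$TOEMAIL$>\n"
                  "Subject: $SUBJECT$\n\n$CONTENT$\n\n",
    "fromname": "ID Management Suite",
    "fromemail": "idmsuite_replies@YourEmailDomain.com",
    "frompass": "mypass123", "toname": "ouadmin", "toemail": "ouadmin@example.local",
    "subject": "Request needs authorization", "content": "Batch ID: 2064\n",
    "extraHeaders": {"In-Reply-To": "<request ID>"},
}
```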
To configure Bravura Security Fabric to use plugin-email-domino:
Install the Lotus Notes / Domino client as described in Lotus Domino Server.
Copy the ID file that will be used to send email, to the Bravura Security Fabric server.
Ensure that Bravura Security Fabric can determine users’ email addresses.
Configure the global mail settings as follows:
GLOBAL MAIL PLUGIN: plugin-email-domino.exe
GLOBAL MAIL PLUGIN MAILDIR: Empty. This option is ignored.
MAIL AUTH LOGIN: The path to the ID file that will be used to send email; for example, C:\idfiles\user.id.
MAIL AUTH PASSWORD: The password for the ID file specified by MAIL AUTH LOGIN.
MAIL SERVER PORT: Any numeric value. This option is ignored.
MAIL SERVER: Any value. This option is ignored. The plugin determines this value from the Notes API.
RECIPIENT EMAIL: The Bravura Security Fabric administrator’s full name or Notes mail address; for example, IDMS Admin/global@example.local.
SENDER EMAIL: The address that appears as the sender when email is sent to addresses specified in RECIPIENT EMAIL. plugin-email-domino uses this to retrieve the sender’s ID file to use as the sender.