Role
In the Sequence Properties pane of Sequence Designer, you can select the role of the user who will be completing the sequence. The options are Student (default) and Staff. The Student role is also used for CampusNexus CRM Contacts.
Forms Builder recognizes the current user’s role and only allows the user to execute sequences that have a matching role, i.e., if the user is a Student, the user will not be allowed to execute sequences that have a role of Staff.
Role Configuration
The Student and Staff roles are configured during the installation of Forms Builder 3.5 and later in the web.config files of Forms Renderer and Staff STS.
The web.config file of CMCFormsRenderer_V3 provides authentication and mapping of Staff and Student roles to products:
<section name="authenticationConfigSection" type="Cmc.Nexus.FormsBuilder.Helpers.AuthenticationConfigSection, Cmc.Nexus.FormsBuilder" />
<!-- Mapping of realms to issuers --> <mappings> <!-- <mapping realmKeys="Comma separated realm URL keys or * for wildcard match" product="Student, CRM or * for wildcard match" role="Student or Staff" issuerKey="URL key of the issuer" /> --> <mapping realmKeys="*" product="Student" role="Student" issuerKey="Student STS"/> <mapping realmKeys="*" product="CRM" role="Student" issuerKey="CRM STS"/> <mapping realmKeys="*" product="*" role="Staff" issuerKey="Staff STS"/> </mappings>
The web.config file of Staff STS uses the following key under <appSettings>
to accept claims from Renderer:
<add key="FormsBuilder.Renderer.WsFed" value="http://<server>:<port>/" />
If you are using Forms Builder 3.5 with Anthology Student 19.0 or earlier, add the FormsBuilder.Renderer.WsFed
key manually to the web.config for the Staff STS.
Notes
-
An update script sets the value of the Role property to Student/Contact for all sequences created in Forms Builder 3.4 and earlier.
-
If a staff sequence is accessed via cloud services (Azure), you must include a LookupUser activity with UserType=Staff in the workflow to ensure proper authentication and authorization for the Staff role. For more information, see Azure AD Authentication.
-
When the Anonymous field is selected for a sequence, the role property is not applicable and the Role field is hidden. The default Role value in the database will be Student.
-
When the Role value in an existing sequence is modified and a persisted instance of the workflow exists, a Save/Update of the sequence is not allowed. Forms Builder displays the following error: