[midPoint] Query User for Name Value

Sean R Penndorf srpenn at us.ibm.com
Tue Mar 6 18:20:15 CET 2018


Ivan,

Thank you for responding.
Yes, what I was wondering is if there is a way to have a pop up or 
webform for the user to provide the name interactively.
The issue is I'm not able to determine the service acct names 
programmatically, so I need to obtain it from the human requester.

I understand I will need to use intents (or possibly personas, though I 
fear those may be confusing to my user base).



------------------
Sean Penndorf
SaaS Operational Services (SOS) - ID Management
IBM Cloud
srpenn at us.ibm.com
Office: 248-552-4791   TL  623-9966





From:   Ivan Noris <ivan.noris at evolveum.com>
To:     midpoint at lists.evolveum.com
Date:   03/06/2018 11:03 AM
Subject:        Re: [midPoint] Query User for Name Value
Sent by:        "midPoint" <midpoint-bounces at lists.evolveum.com>



Hi Sean,
I'm kind of confused what you want to achieve.
If you want to create another account for the same user on the same 
resource, obviously the accounts must have different identifiers. E.g. 
"sean" and "svc-sean". That's also similar to the example you are 
referring to.
For this you need to have multiple intent configurations for the same 
resource. One intent (kind=account, intent=default, default=true), second 
intent (kind=account, intent=whatever, default=false). The "whatever" may 
be e.g. "service-account", it's just a string.
Then you need to have roles which allow you to create normal accounts (if 
you don't specify intent, midPoint assumes intent where "default=true") 
and also roles to create these service accounts (kind=account, 
intent=whatever in the inducement/construction).
The part which I don't understand is the "query the user for the name". I 
understand that you want to use something else than $user/name (Sean). You 
can use any attribute from the user, the attribute might be completely 
different from $user/name.
Example: set the user attribute "Nick name" to "DB2admin", and you can 
access it as $user/nickName in the outbound mapping (you need to define 
source path for $user/nickName).
Or perhaps by "querying" you mean to "ask the user to provide the value 
interactively"?

Best regards,
Ivan

On 01.03.2018 19:45, Sean R Penndorf wrote:
Hi Community,

I'm missing some key point somewhere.

Let's say I have a Midpoint user:  name = Sean
I have a resource to AD. Default intent account name = Sean
So far so good.

Now I need to add a functional ID (faceless account).
So I set up another intent called "functionalID"  name = ?????

In most examples I've seen, you have an outbound mapping something like 
this:
                    <expression>
                        <script>
                            <code>
                                'funcID-'+name
                            </code>
                        </script>
                    </expression>

...which equates to funcID-Sean.

But, what I REALLY need is the functionalID Name = svc-DB2Admin
How do I query the user for the name rather than generating the name?


Thanks!!



------------------
Sean Penndorf
SaaS Operational Services (SOS) - ID Management
IBM Cloud
srpenn at us.ibm.com
Office: 248-552-4791   TL  623-9966




_______________________________________________
midPoint mailing list
midPoint at lists.evolveum.com
http://lists.evolveum.com/mailman/listinfo/midpoint


-- 
Ivan Noris
Senior Identity Engineer
evolveum.com
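
The two-intent setup and nickName-based naming described in Ivan's reply, as an added sketch that is not part of the original thread or of midPoint's own samples. The object class and attribute names (ri:user, ri:sAMAccountName), the role name and the resource OID are assumptions or placeholders, and namespace prefixes are assumed to be declared on the enclosing objects.

```xml
<!-- Fragment 1: inside the AD <resource> definition.
     ri:user and ri:sAMAccountName are assumed names for this resource. -->
<schemaHandling>
    <objectType>
        <kind>account</kind>
        <intent>default</intent>
        <default>true</default>
        <objectClass>ri:user</objectClass>
        <attribute>
            <ref>ri:sAMAccountName</ref>
            <outbound>
                <!-- personal account: named after the midPoint user -->
                <source><path>$user/name</path></source>
            </outbound>
        </attribute>
    </objectType>
    <objectType>
        <kind>account</kind>
        <intent>service-account</intent>
        <default>false</default>
        <objectClass>ri:user</objectClass>
        <attribute>
            <ref>ri:sAMAccountName</ref>
            <outbound>
                <!-- nickName carries the requested name, e.g. "DB2admin" -->
                <source><path>$user/nickName</path></source>
                <expression>
                    <!-- return no value when nickName is empty, so an
                         account named "svc-null" is never produced -->
                    <script><code>nickName ? 'svc-' + nickName : null</code></script>
                </expression>
            </outbound>
        </attribute>
    </objectType>
</schemaHandling>

<!-- Fragment 2: role that grants only the service-account intent. -->
<role>
    <name>AD Service Account</name>
    <inducement>
        <construction>
            <!-- placeholder OID: replace with the AD resource's OID -->
            <resourceRef oid="RESOURCE-OID-PLACEHOLDER" type="c:ResourceType"/>
            <kind>account</kind>
            <intent>service-account</intent>
        </construction>
    </inducement>
</role>
```

Keeping the service-account intent behind its own role means it can be requested and approved separately from the default personal account.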





