[midPoint] Actual state of Entitlements functionallity

Manfredo Hopp mhopp.conicet at gmail.com
Wed Oct 7 18:56:51 CEST 2015 

Hi,

 we are evaluating midPoint as alternative for propagation to an LDAP with
the  provisioning of new users from DB and possibly changes to structure
from db or through  midPoints API.

Actually our  users are registered in DB  and associated to different
application-roles one of  which is selected from user after login and
 forwarded to applications.
We also have an administrative system which maintains this structure  where
 we manage the concept of groups within roles (grouping several roles),
role delegation and have automatic enrollment of users and role assigments.

Trying to get an overall knowledge about midPoint I was following Live Demo
and some  documentation and found out that the concept of midpoints
Entitlement is what better suits our need to reflect our Roles.

So I was trying to find out something about Entitlments in demo with no
results. There is still a reference to it which I copy:

"Some of the roles and organizational units modify membership in LDAP
groups. However, there is a limitation to this somehow caused by the
incomplete design of the connector framework. Quite an ugly trick is needed
to work around this in current midPoint version. The trick is an ad-hoc
support for ldapGroups attribute in the LDAP connector. However the
attribute is hidden and needs to be manually added to the generated LDAP
resource schema. This also means that the LDAP groups are normally not
displayed for LDAP account in midPoint. However we are working hard on
this. The next version of midPoint will introduce the concept of
*Entitlements* that will provide an elegant and systematic solution to this
problem."

Also I found this in documentation:

"MidPoint can be configured to fully understand entitlements. MidPoint can
know which resource objects represent groups. Therefore midPoint can manage
group membership in a structured and automated way. MidPoint can list
entitlements and therefore it can be used to create smart and convenient
user interfaces. MidPoint support for entitlements goes beyond the
capabilities of vast majority of IDM solutions."
and

"The entitlements are supported in midPoint core engine but the GUI support
is currently very limited"

So here come my questions:

What is actual state of entitlements GUI? Is it that of live Demo?

How could  Entitelments administration be adressed?

Is there any midPoint Extension/Plugin that has been developed ?

To what extent can  midPoint be extended?


Sorry for all this long introduction.

Regards MHopp
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20151007/46bf2f15/attachment.htm>

More information about the midPoint mailing list