[midPoint] Inducement Inheritance not Working

Martin Marchese mmarchese at identicum.com
Thu Dec 29 19:25:05 CET 2016 

Hi All,

We have a role model designed as it follows:

Users are assigned to an Org (the AssignmentType is extended with
metaRelation attribute). This Org, has a Meta Role assigned.

Based on the value of the metaRelation attribute (STUDENT or TEACHER) the
Meta Role induces a Role (order 2 inducement) to the user.

These induced roles have their own inducements, to resources (OpenLDAP,
google apps, office 365, etc).

Once a user is assigned to an Org, it receives the inderect assignment
based on the metaRelation attribute value. However, it's not receiving the
resource inducements, hence, the accounts are not being created in the
resources.

Any idea if this is normal behavior or if we are missing something?

Below are examples of how our objects look like.

*Org XML:*

<org>
   <name>MEGC</name>
...
   <assignment id="1">
      <targetRef oid="00000000-0000-1de4-0004-000000000099"
type="c:RoleType"></targetRef>
   </assignment>
...
</org>

*Meta Role XML:*

<role>
   <name>META_ROLE</name>
   ...
   <inducement id="4">
      <targetRef oid="00000000-0000-1de4-0004-000000000011"
type="c:RoleType"></targetRef>
      <order>2</order>
      <focusType>UserType</focusType>
      <condition>
         <source>
            <c:path>$focusAssignment/extension/metaRelation</c:path>
         </source>
         <expression>
            <script>
               <code>metaRelation == 'TEACHER'</code>
            </script>
         </expression>
      </condition>
   </inducement>
...
</role>

*Induced Role:*

<role>
   <name>TEACHER</name>
...
   <inducement id="1">
      <construction>
         <resourceRef oid="00000000-0000-1de4-0002-000000000002"
type="c:ResourceType"></resourceRef>
         <kind>account</kind>
      </construction>
   </inducement>
...
</role>

Thanks in Advance

*Ing. Martín Marchese*
Identicum S.A.
Jorge Newbery 3226
Tel: +54 (11) 4552-3050
mmarchese at identicum.com
www.identicum.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20161229/cd88d277/attachment.htm>

More information about the midPoint mailing list