[midPoint] Importing entitlements to roles for multiple account intents

Wojciech Staszewski wojciech.staszewski at diagnostyka.pl
Thu Dec 28 16:54:21 CET 2017


Hello!

I'm looking for the correct way to import resource entitlements into midPoint roles.

For now I'm doing this as follows:
1) create schema handling for entitlement.
2) create synchronization.
3) At the "unmatched->addFocus" synchronization step I connect a role template. The template assigns metaroles to the imported roles for:
  a) association from link (as the imported roles are just linkRef only),
  b) approval schema,
  c) and assigns correct OrgUnit in the role catalog, based on resource, role type and other "things".

That works just perfectly, but for one account intent only. The account intent is statically specified in the "association from link" metarole in the first-order inducement.
If it is not, the metarole works for the "default" account intent.
But I have 8 account intents in this resource, and every account must be associated with the entitlements regardless of the intent.

I tried to make more than one "unmatched->addFocus" synchronization reaction with different role templates, hoping to import 8 roles from one entitlement for different account intents, but midPoint warns me: "Duplicated reactions [...]".
I cannot just add multiple "actions" to one reaction because I can apply only one template to one reaction.

And I don't know how to do it.
Any ideas?
Beer is on me for the help!

Happy NY!
WS


