[midPoint] validityStatus changing validTo date
Martin Lízner - AMI Praha a.s.
martin.lizner at ami.cz
Tue Jan 24 14:17:01 CET 2017
This is our code to workaround the problem:
<mapping>
<name>Effective Status management</name>
<strength>strong</strength>
<source>
<c:path>$focus/activation/administrativeStatus</c:path>
</source>
<source>
<c:path>$focus/activation/validFrom</c:path>
</source>
<expression>
<script>
<code>
import com.evolveum.midpoint.common.Clock;
import javax.xml.datatype.DatatypeConstants;
import javax.xml.datatype.XMLGregorianCalendar;
import
com.evolveum.midpoint.xml.ns._public.common.common_3.ActivationStatusType;
if (validFrom==null || administrativeStatus ==null ||
administrativeStatus==ActivationStatusType.DISABLED){
//log.info("XXXX Effective Status code res.
"+ActivationStatusType.DISABLED);
return ActivationStatusType.DISABLED;
}
//log.info("XXXX Effective Status code - validFrom:
["+validFrom+"] adminStatus: ["+administrativeStatus+"]");
boolean isDisabled = ActivationStatusType.ENABLED !=
administrativeStatus;
XMLGregorianCalendar now = (new
Clock()).currentTimeXMLGregorianCalendar();
boolean isFuture = DatatypeConstants.LESSER ==
now.compare(validFrom)
//log.info("XXXX Effective Status code res. "+((isDisabled
|| isFuture)?ActivationStatusType.DISABLED:ActivationStatusType.ENABLED));
return (isDisabled ||
isFuture)?ActivationStatusType.DISABLED:ActivationStatusType.ENABLED;
</code>
</script>
</expression>
<target>
<c:path>$focus/activation/effectiveStatus</c:path>
</target>
<evaluationPhase>beforeAssignments</evaluationPhase>
</mapping>
Martin Lízner
solution architect
gsm: [+420] 737 745 571
e-mail: martin.lizner at ami.cz
AMI Praha a.s.
Pláničkova 11
162 00 Praha 6
tel.: [+420] 274 783 239
web: www.ami.cz
[image: AMI Praha a.s.] <http://www.skyidentity.com/>
Textem tohoto e-mailu podepisující neslibuje uzavřít ani neuzavírá za
společnost AMI Praha a.s.
jakoukoliv smlouvu. Každá smlouva, pokud bude uzavřena, musí mít výhradně
písemnou formu.
2017-01-24 13:52 GMT+01:00 Nicolas Rossi <nrossi at identicum.com>:
> Ok, I opened it on JIRA: https://jira.evolveum.
> com/projects/MID/issues/MID-3695
>
> Regards,
>
>
>
> Ing Nicolás Rossi
> Identicum S.A.
> Jorge Newbery 3226
> Tel: +54 (11) 4552-3050 <+54%2011%204552-3050>
> www.identicum.com
>
> On Tue, Jan 24, 2017 at 6:23 AM, Radovan Semancik <
> radovan.semancik at evolveum.com> wrote:
>
>> Hi,
>>
>> You are right. You should not change validityStatus or effectiveStatus.
>> MidPoint should recompute that automatically. I haven't had chance to have
>> a closer look at the issue. But it looks like a bug. Could you create a
>> jira for that please? Please compile the information in the jira
>> description or just point to the relevant mailing list messages. I will
>> look at that issue as soon as I can find a bit of time.
>>
>> --
>> Radovan Semancik
>> Software Architectevolveum.com
>>
>>
>>
>> On 01/23/2017 10:31 PM, Nicolas Rossi wrote:
>>
>> Maybe this could help to the midPoint developers: we added some logs to
>> the ActivationComputer class. We have a disabled user and when we change
>> the validTo value from the User Template, the *getEffectiveStatus()
>> returns ENABLED*
>> but the user is still disabled.
>>
>> Current value:
>> <activation>
>> <effectiveStatus>disabled</effectiveStatus>
>> <validTo>2016-04-30T00:00:00.000-03:00</validTo>
>> <validityStatus>after</validityStatus>
>> <disableTimestamp>2017-01-23T16:49:49.776-03:00</disableTimestamp>
>> <enableTimestamp>2017-01-23T16:49:09.338-03:00</enableTimestamp>
>> <validityChangeTimestamp>2017-01-23T16:49:49.776-03:00</vali
>> dityChangeTimestamp>
>> </activation>
>>
>> After modification
>>
>> <activation>
>> <effectiveStatus>disabled</effectiveStatus>
>> <validTo>2017-02-01T00:00:00.000-03:00</validTo>
>> <validityStatus>after</validityStatus>
>> <disableTimestamp>2017-01-23T16:49:49.776-03:00</disableTimestamp>
>> <enableTimestamp>2017-01-23T16:49:09.338-03:00</enableTimestamp>
>> <validityChangeTimestamp>2017-01-23T16:49:49.776-03:00</vali
>> dityChangeTimestamp>
>> </activation>
>>
>> It sounds like a bug. Should I open it on JIRA ?
>>
>>
>>
>> Ing Nicolás Rossi
>> Identicum S.A.
>> Jorge Newbery 3226
>> Tel: +54 (11) 4552-3050 <+54%2011%204552-3050>
>> <http://www.identicum.com>www.identicum.com
>>
>> On Mon, Jan 23, 2017 at 4:46 PM, Rodrigo Yanis < <ryanis at identicum.com>
>> ryanis at identicum.com> wrote:
>>
>>> Hello everyone,
>>>
>>> Extending the case exposed by Nicolás, we also added a mapping on the
>>> User Template to target on the administrativeStatus attribute the following
>>> way (simplified):
>>>
>>> <mapping>
>>>> ...
>>>> <expression>
>>>> <script>
>>>> <language>
>>>> <http://midpoint.evolveum.com/xml/ns/public/expression/language#Groovy>
>>>> http://midpoint.evolveum.com/xml/ns/public/express
>>>> ion/language#Groovy</language>
>>>> <code>
>>>> import com.evolveum.midpoint.xml.ns._
>>>> public.common.common_3.ActivationStatusType;
>>>>
>>>> ...
>>>> return ActivationStatusType.DISABLED;
>>>> </code>
>>>> </script>
>>>> </expression>
>>>> <target>
>>>> * <c:path>$user/activation/administrativeStatus</c:path>*
>>>> </target>
>>>> </mapping>
>>>
>>>
>>> When the user is imported disabled from HR, effectiveStatus remains
>>> enabled even though validTo is expired and administrativeStatus is set to
>>> disabled on UserTemplates' account.
>>>
>>> <activation>
>>>>
>>>> * <administrativeStatus>disabled</administrativeStatus> **
>>>> <effectiveStatus>enabled</effectiveStatus>*
>>>> <validFrom>2013-07-20T00:00:00.000-03:00</validFrom>
>>>>
>>>> * <validTo>2015-07-20T00:00:00.000-03:00</validTo> **
>>>> <validityStatus>in</validityStatus>*
>>>> <enableTimestamp>2017-01-23T16:17:36.013-03:00</enableTimestamp>
>>>> <validityChangeTimestamp>2017-01-23T16:17:36.013-03:00</val
>>>> idityChangeTimestamp>
>>>> </activation>
>>>
>>>
>>> Thankful for any advise,
>>>
>>>
>>> *Rodrigo Yanis.*
>>> Identicum S.A.
>>> Jorge Newbery 3226
>>> Tel: +54 (11) 4824-9971 <+54%2011%204824-9971>
>>> ryanis at identicum.com
>>> www.identicum.com
>>>
>>> 2017-01-23 10:21 GMT-03:00 Nicolas Rossi < <nrossi at identicum.com>
>>> nrossi at identicum.com>:
>>>
>>>> Hi guys, we have reproduced this issue on a fresh install of midPoint
>>>> 3.5. These are the steps to reproduce it:
>>>>
>>>> 1. Extended the schema with 2 attributes (a flag and a date) →
>>>> user.xsd
>>>> 2. Created a UserTemplate mapping the custom date to the validTo if
>>>> the flag is active. → user_template.xml
>>>> 3. Assigned the UserTemplate as the default template for users.
>>>> 4. Create a user
>>>> 5. Modify the user setting the flag and a date before today
>>>>
>>>> Result:
>>>>
>>>> - The validTo date is mapped correctly
>>>> - The user is still enabled
>>>>
>>>> Regards,
>>>>
>>>>
>>>>
>>>> Ing Nicolás Rossi
>>>> Identicum S.A.
>>>> Jorge Newbery 3226
>>>> Tel: +54 (11) 4552-3050
>>>> <http://www.identicum.com>www.identicum.com
>>>>
>>>> On Sun, Jan 22, 2017 at 8:30 AM, Nicolas Rossi < <nrossi at identicum.com>
>>>> nrossi at identicum.com> wrote:
>>>>
>>>>> Hi guys, we have a User Template that defines the validTo date
>>>>> evaluating 2 different dates. When a user is active and the calculated
>>>>> validTo date is before today the user is not being disabled by midpoint as
>>>>> we expected. I found a little difference between this user and other one
>>>>> not handled by the user template, on the activation node it has
>>>>> validityStatus=in instead of validityStatus=after:
>>>>>
>>>>> User disabled OK (changed from GUI, not from the UserTemplate):
>>>>>
>>>>> <activation>
>>>>> *<effectiveStatus>disabled</effectiveStatus>*
>>>>> *<validTo>2017-01-15T00:00:00.000-03:00</validTo>*
>>>>> *<validityStatus>after</validityStatus>*
>>>>> <disableTimestamp>2017-01-22T08:24:48.970-03:00</disableTime
>>>>> stamp>
>>>>> <enableTimestamp>2017-01-22T08:24:31.529-03:00</enableTimestamp>
>>>>> <validityChangeTimestamp>2017-01-22T08:24:48.970-03:00</vali
>>>>> dityChangeTimestamp>
>>>>> </activation>
>>>>>
>>>>> User not being disabled (changed from UserTemplate):
>>>>>
>>>>> <activation>
>>>>> * <effectiveStatus>enabled</effectiveStatus>*
>>>>> * <validTo>2017-01-15T00:00:00.000-03:00</validTo>*
>>>>> * <validityStatus>in</validityStatus>*
>>>>> <disableTimestamp>2017-01-22T08:13:40.530-03:00</disableTime
>>>>> stamp>
>>>>> <enableTimestamp>2017-01-22T08:13:58.962-03:00</enableTimestamp>
>>>>> <validityChangeTimestamp>2017-01-22T08:13:58.962-03:00</vali
>>>>> dityChangeTimestamp>
>>>>> </activation>
>>>>>
>>>>> Should I set the validityStatus on the UserTemplate?
>>>>>
>>>>> Regards,
>>>>>
>>>>>
>>>>> Ing Nicolás Rossi
>>>>> Identicum S.A.
>>>>> Jorge Newbery 3226
>>>>> Tel: +54 (11) 4552-3050 <+54%2011%204552-3050>
>>>>> www.identicum.com
>>>>>
>>>>
>>>>
>>>> _______________________________________________
>>>> midPoint mailing list
>>>> midPoint at lists.evolveum.com
>>>> http://lists.evolveum.com/mailman/listinfo/midpoint
>>>>
>>>>
>>>
>>> _______________________________________________
>>> midPoint mailing list
>>> midPoint at lists.evolveum.com
>>> http://lists.evolveum.com/mailman/listinfo/midpoint
>>>
>>>
>>
>>
>> _______________________________________________
>> midPoint mailing listmidPoint at lists.evolveum.comhttp://lists.evolveum.com/mailman/listinfo/midpoint
>>
>>
>>
>> _______________________________________________
>> midPoint mailing list
>> midPoint at lists.evolveum.com
>> http://lists.evolveum.com/mailman/listinfo/midpoint
>>
>>
>
> _______________________________________________
> midPoint mailing list
> midPoint at lists.evolveum.com
> http://lists.evolveum.com/mailman/listinfo/midpoint
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20170124/1e08d8b8/attachment.htm>
More information about the midPoint
mailing list