[midPoint] create approval workflow from liveSync

Marco Benucci m.benucci at nsr.it
Mon Jun 11 13:01:14 CEST 2018


Thank you Pavol,

we were thinking that the reaction to the liveSync unmatched could be 
"add user" and with an object template we could disable the newly 
created user (and the account too) or expire the password (or even both).

The approval could be about 2 requests:
1) adding the role that grants access to that resource
2) enabling the user and the account

If the approval were rejected, it could be possible to delete the user 
and the account through a hook, I suppose...

I would like to give it a try.
What about the "custom scripting hook" to create an approval?
Is there something on the wiki that talks about this?

Thank you,
Marco



On 06/11/2018 11:24 AM, Pavol Mederly wrote:
>
> Marco,
>
> this question has been discussed here a couple of times already. The 
> answer is "currently not" - at least not in a simple way.
>
> The basic reason is that it is unclear how midPoint should react to 
> rejection of the approval. A naive approach (i.e. rejection means the 
> user would not be created) means that the same approval request would 
> pop up on next reconciliation; or on any other occasion where midPoint 
> learns that there's an unmatched account.
>
> Maybe there could be a workaround like
>
>  1. LiveSync would create user with the lifecycle state of Proposed.
>  2. An approval of switching the state to Active would be (somehow)
>     started.
>  3. If the approval would be completed positively, the user would be
>     activated. Otherwise it would stay in Proposed state.
>
> I am not quite sure how the step 2 should be implemented. It could be 
> certainly done by a custom scripting hook. (Maybe a policy rule could 
> be used as well but I am not sure.)
>
> Best regards,
>
> Pavol Mederly
> Software developer
> evolveum.com
> On 04.06.2018 16:50, Marco Benucci wrote:
>>
>> Hi,
>>
>> would it be possible to create an approval process starting from a 
>> LiveSync "reaction"?
>>
>> For example:
>>
>> I'd like to create an approval workflow about the creation of a user 
>> created by an "adduser" reaction from an "unmatched" result 
>> discovered by liveSync looking for new accounts on a resource.
>>
>> Could it be possible?
>>
>> Thank you,
>> Marco
>>
>>
>>
>>
>>
>> _______________________________________________
>> midPoint mailing list
>> midPoint at lists.evolveum.com
>> http://lists.evolveum.com/mailman/listinfo/midpoint
>
