[midPoint] Get user name in META role for entitlement construction

Oleksandr Nekriach o.nekriach at dynatech.lv
Tue Sep 25 10:38:21 CEST 2018


Hello, please help me to find a solution

I have META role that constructs group on a resource.
This group has MEMBER attribute.
To put username to MEMBER attribute I use $focus/name path for outgoing
mapping (see below).
Then I assign role (Role1) to META role to create a group on resource and
assign a user as a member of Role1.
I expected that group will get user name as MEMBER but this mapping returns
role name instead of expected user name.
Please help. What is correct outgoing mapping rule for such case?


   <inducement>
      <construction>
         <resourceRef oid="f0a2c91b-95cb-4a3b-bfa9-4e2fb6855b50"
                      relation="org:default"
                      type="c:ResourceType"><!-- Test GoogleApps
--></resourceRef>
         <kind>entitlement</kind>
         <intent>Group</intent>
        <attribute>
            <c:ref>ri:__MEMBERS__</c:ref>
            <outbound>
               <source>
                  <name>name</name>
                  <c:path>$focus/name</c:path>
               </source>
               <expression>
                  <script xmlns:xsi="
http://www.w3.org/2001/XMLSchema-instance"
                          xsi:type="c:ScriptExpressionEvaluatorType">
                     <code>
                         if(name !=null )
                         return name.toString()+"@testidm.org"
                     </code>
                  </script>
               </expression>
            </outbound>
         </attribute>
       </construction>
   </inducement>
-- 
Best regards,



Oleksandr Nekriach | Identity and access management engineer

Dynatech, Jeruzalemes iela 1, Rīga, LV-1010, Latvia
<https://www.google.com/maps/place/DYNATECH/@56.9575205,24.1107235,17z/data=!3m1!4b1!4m5!3m4!1s0x46eecf5753e42351:0x23b120b9745cae62!8m2!3d56.9575205!4d24.1129122>

+37125314685 <+371%2025%20314%20685>
,
o.nekriach at dynatech.lv
|
www.dynatech.lv


Stay connected:
<https://www.facebook.com/DynatechLatvia/?ref=br_rs>
<https://www.linkedin.com/company-beta/17893047/>


Confidentiality Notice: This message contains confidential information and
is intended only for the named recipient(s). If you are not the addressee
you may not copy, distribute or perform any other activities with this
information. If you have received this transmission in error, please notify
us by e-mail immediately. E-mail transmission cannot be guaranteed to be
secure or error-free as information could be intercepted, corrupted, lost,
destroyed, arrive late or incomplete, or contain viruses.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20180925/a1877066/attachment.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: o.nekriach at dynatech.lv1520941785292-7772
Type: image/png
Size: 786 bytes
Desc: not available
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20180925/a1877066/attachment.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: o.nekriach at dynatech.lv1520941785292-7770
Type: image/png
Size: 4265 bytes
Desc: not available
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20180925/a1877066/attachment-0001.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: o.nekriach at dynatech.lv1520941785292-7771
Type: image/png
Size: 790 bytes
Desc: not available
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20180925/a1877066/attachment-0002.png>


More information about the midPoint mailing list