[midPoint] Outbound mapping conditional on role

Tue Apr 2 10:11:06 CEST 2019

Hi Ethan,

you need to do it in a role outbound mapping, not resource schema
handling, if you wish to use a role name.

You can use attribute mapping in the role which can populate any
resource attribute.

The role name can be used as a source for such mapping and the path
would be $containingObject/name.

A fictious example for a role SITE_CONTENT_MANAGER: whoever has this
role assigned, his account will be associated with entitlement named
SITE_CONTENT_MANAGER. If you don't need/use association, use a standard
outbound mapping and set whatever attribute to a value of
$containingObject/name. I think this is a part of the training (Secret
projects).

<role oid="00000000-dc00-dc00-0004-000000000203"
        xmlns="http://midpoint.evolveum.com/xml/ns/public/common/common-3"
        xmlns:c="http://midpoint.evolveum.com/xml/ns/public/common/common-3"

xmlns:icfs="http://midpoint.evolveum.com/xml/ns/public/connector/icf-1/resource-schema-3"
        xmlns:q="http://prism.evolveum.com/xml/ns/public/query-3"

xmlns:ri="http://midpoint.evolveum.com/xml/ns/public/resource/instance-3">
    <name>SITE_CONTENT_MANAGER</name>
    <inducement>
        <construction>
            <resourceRef oid="00000000-dc00-dc00-0001-000000000022"
type="c:ResourceType"/>
        <kind>account</kind>
        <intent>default</intent>

        <association>
            <ref>ri:group</ref>
            <outbound>
                <strength>strong</strength>
                <source>
                    <path>$containingObject/name</path><!-- becomes
"name" variable -->
                </source>
                <expression>
                    <associationTargetSearch>
                        <filter>
                            <q:equal>
                                <q:path>
                    declare namespace
icfs="http://midpoint.evolveum.com/xml/ns/public/connector/icf-1/resource-schema-3";
                    attributes/icfs:name
                                </q:path>
                                <expression>
                                    <script><!-- this is
$containingObject/name -->
                                        <code>return name</code>
                                    </script>
                                </expression>
                            </q:equal>
                        </filter>
                    <searchOnResource>true</searchOnResource>
                    </associationTargetSearch>
                </expression>
            </outbound>
        </association>
        </construction>
    </inducement> 
    <requestable>true</requestable>
</role>

Best regards,

Ivan

On 1. 4. 2019 19:31, Kromhout, Ethan A. wrote:

> I'm trying to solve a mapping problem that I think is similar to a 
> thread on the mailing list that Pavol replied to in 2017:
>
> http://lists.evolveum.com/pipermail/midpoint/2017-June/003876.html
>
> Pavol provided some documentation links, but I'm still struggling with 
> what the xml for the schemaHandling section of my connector should look 
> like. I'd like to set a role in a resource based on a role in midPoint, 
> for example if you are assigned the role WordPress-Subscriber in 
> midPoint how would I pass either the role name or a simple literal to my 
> outbound mapping?
>
> Thanks for any suggestions,
>
> Ethan
>
> _______________________________________________
> midPoint mailing list
> midPoint at lists.evolveum.com
> http://lists.evolveum.com/mailman/listinfo/midpoint

-- 
Ivan Noris
Senior Identity Engineer
evolveum.com