[midPoint] Syntax from role inducement does not apply constructions from "internal" role

Oleksandr Nekriach o.nekriach at dynatech.lv
Mon Jul 22 14:19:14 CEST 2019


Hi colleagues,
I am trying to create some basic role for Gitlab connector that will add
role and organization in one assignment section to the user like this

<assignment>
        <targetRef oid="21ab0054-3d64-44d6-ac87-d14e844781f9"
relation="org:default" type="c:RoleType">
        </targetRef>
        <orgRef oid="e4275a2c-a11e-4691-9674-3fb2a7a1eeb2"
relation="org:default" type="c:OrgType">
        </orgRef>
    </assignment>

The syntax below works perfect the user object will be modified by adding
the "desired" assignment section.
But such syntax does not apply constructions from "internal" role on the
fly (I mean role oid="21ab0013-3d64-44d6-ac87-d14e844781f9").
To do this I have additionally to recalculate user after assigning it to
the basic role (select Force and Reconcile on User profile and click save).
The same behavior and during unassigning of the basic role, construction
will be applied until the user will be recalculated.

Is there some other way (syntax) to apply role and organization in one
assignment section to avoid the issue described above.

Syntax from the basic role
<inducement>
        <focusMappings>
            <mapping >
                <authoritative>true</authoritative>
                <strength>strong</strength>
                <expression>
                    <value>
       <targetRef oid="21ab0013-3d64-44d6-ac87-d14e844781f9"
relation="org:default" type="c:RoleType">
</targetRef>
                   <orgRef oid="e4275a2c-a11e-4691-9674-3fb2a7a1eeb2"
relation="org:default" type="c:OrgType">
</orgRef>
</value>
                </expression>
                <target>
                    <c:path>assignment</c:path>
                </target>
            </mapping>
        </focusMappings>
        <focusType>c:UserType</focusType>
    </inducement>


-- 
Best regards,



Oleksandr Nekriach | Identity and access management engineer

Dynatech, Jeruzalemes iela 1, Rīga, LV-1010, Latvia
<https://www.google.com/maps/place/DYNATECH/@56.9575205,24.1107235,17z/data=!3m1!4b1!4m5!3m4!1s0x46eecf5753e42351:0x23b120b9745cae62!8m2!3d56.9575205!4d24.1129122>

+37125314685 <+371%2025%20314%20685>
,
o.nekriach at dynatech.lv
|
www.dynatech.lv


Stay connected:
<https://www.facebook.com/DynatechLatvia/?ref=br_rs>
<https://www.linkedin.com/company-beta/17893047/>


Confidentiality Notice: This message contains confidential information and
is intended only for the named recipient(s). If you are not the addressee
you may not copy, distribute or perform any other activities with this
information. If you have received this transmission in error, please notify
us by e-mail immediately. E-mail transmission cannot be guaranteed to be
secure or error-free as information could be intercepted, corrupted, lost,
destroyed, arrive late or incomplete, or contain viruses.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20190722/562c5084/attachment.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: o.nekriach at dynatech.lv1520941785292-7771
Type: image/png
Size: 790 bytes
Desc: not available
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20190722/562c5084/attachment.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: o.nekriach at dynatech.lv1520941785292-7770
Type: image/png
Size: 4265 bytes
Desc: not available
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20190722/562c5084/attachment-0001.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: o.nekriach at dynatech.lv1520941785292-7772
Type: image/png
Size: 786 bytes
Desc: not available
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20190722/562c5084/attachment-0002.png>


More information about the midPoint mailing list