[midPoint] Group association with extra attribute from role

Alexandre Zia alexandre.zia at ifood.com.br
Tue Mar 19 03:33:18 CET 2019


We have a situation where we have a role giving access to a group, through
group association, the classic scenario.

However, in this remote system there is only one group, and you assign this
group to a user AND an access role defining if this association will be
Admin or read-only.

Let me explain:
In the remote system we have:

User: A
User: B

Group: G

User A has group G associated with "Admin" role -> So he is an admin
User B has group G associated with "Viewer" role -> So he is a read-only user

So in midPoint I've extended RoleType to add an attribute: "roleId".
(values can be 8 for admin, or 7 for viewer).

When assigning the role to a user, the group association passes the Group
ID to the connector, as expected.
But how can I pass this role attribute "roleId" together with the groupId
in group association?


Thanks in advance.
Alexandre