[midPoint] Problem with resource correlation

Andrea Picconi andrea.picconi at innovery.net
Fri Dec 3 09:32:39 CET 2021 

Hi Gustav,

thanks for your help. We found a way, following your instructions, "truncating" the part we didn't need.
Here our method:

<correlation>
<q:equal>
 <q:path>c:name</q:path>
 <expression>
      <script>
                <code><![CDATA[
                                 String UPN = basic.getAttributeValue(shadow, 'http://midpoint.evolveum.com/xml/ns/public/resource/instance-3', 'userPrincipalName')
                                 result = UPN.split("@")[0];
                                 return result
                ]]></code>
    </script>
  </expression>
</q:equal>
</correlation>

Thanks again,
Andrea

From: Pálos Gustáv <gustav.palos at gmail.com>
Sent: Thursday, December 2, 2021 7:55 AM
To: midPoint General Discussion <midpoint at lists.evolveum.com>
Cc: Andrea Picconi <andrea.picconi at innovery.net>
Subject: Re: [midPoint] Problem with resource correlation

Hi Andrea,

you can use expression to trim @domain from UPN and send only "name" to midPoint query.

We use it to put prefix and send search "RC:" + cn in this example:

            <correlation>
                <q:equal>
                    <q:path>c:name</q:path>
                    <expression>
                        <script>
                            <code><![CDATA[
                                String cn = basic.getAttributeValue(shadow, 'http://midpoint.evolveum.com/xml/ns/public/resource/instance-3', 'cn')
                                return 'RC:' + cn
                            ]]></code>
                        </script>
                    </expression>
                </q:equal>
            </correlation>

best regards

Gustav

st 1. 12. 2021 o 12:57 Andrea Picconi via midPoint <midpoint at lists.evolveum.com<mailto:midpoint at lists.evolveum.com>> napísal(a):
Hi all,

we have a problem with a correlation rule:
we are trying to bind an attribute on the midPoint account (“name”) with the UserPrincipalName present on the AD resource (composed of “name” + @domain).
Is there a way to correlate the two attributes?

Thank you in advance,
Andrea

[cid:image001.jpg at 01D7E827.2A617E80]
Andrea Picconi
IAM Engineer
MAIL: ANDREA.PICCONI at INNOVERY.NET<mailto:ANDREA.PICCONI at INNOVERY.NET>
PHONE: +39  06 51963439  (ext. 196)
MOBILE: -

WWW.INNOVERY.NET<http://WWW.INNOVERY.NET>
STRADA QUATTRO SNC, PAL A6
CENTRO DIREZIONALE MILANOFIORI | 20057 ASSAGO (MI)

[cid:image002.jpg at 01D7E827.2A617E80]


_______________________________________________
midPoint mailing list
midPoint at lists.evolveum.com<mailto:midPoint at lists.evolveum.com>
https://lists.evolveum.com/mailman/listinfo/midpoint


--
s pozdravom

Gustáv Pálos
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20211203/8ab963a8/attachment-0001.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image001.jpg
Type: image/jpeg
Size: 2583 bytes
Desc: image001.jpg
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20211203/8ab963a8/attachment-0002.jpg>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image002.jpg
Type: image/jpeg
Size: 1986 bytes
Desc: image002.jpg
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20211203/8ab963a8/attachment-0003.jpg>

More information about the midPoint mailing list