[midPoint] (sub)role unassignment issue

Markus Calmius markus.calmius at proton.ch
Tue Oct 24 10:12:10 CEST 2023


Hi,

if someone can point me in the right direction on how to solve the problem below, I will very much appreciate it.

During HR-import we set some specific Archetypes (thanks Pavol for guiding me to "mapping range").
The main archetype (for active users) induces two roles, one to give access to midpoint-gui and one business-role that induces other roles, one of which sets a group in a keycloak resource.
When the archetype is changed (lifecycle state has changed), all direct and indirect assignments are removed, but the user still has an account and association to the group in keycloak.

If, however, I assign the "keycloak"-role manually and then deactivate the user, it is removed (thanks to the hook-implementation).

so:
User->ArcheType->Business-Role->Keycloak-Role - does not work

User->Business-Role->Keycloak-Role - does not work
User->Keycloak-Role - works

Markus Calmius
Proton AG