[midPoint] How to configure ConnId options?

Tue Jan 21 11:59:21 CET 2025

Hello Robin,

unfortunately, the value for this option is currently hardcoded in 
midPoint: 
https://github.com/Evolveum/midpoint/blob/d28a6e28b6293fac12c26b5f78dc84e408f442a4/provisioning/ucf-impl-connid/src/main/java/com/evolveum/midpoint/provisioning/ucf/impl/connid/SearchExecutor.java#L121-L124

(Some other options are set as needed, e.g. "attributes to get" are 
derived from fetchStrategy and other settings.)

Technically, it is possible to provide a code that would set also the 
allowPartialAttributeValues option depending e.g. on the resource 
configuration. You can contact our sales to check the options.

Best regards,

-- 
Pavol Mederly
Software developer
evolveum.com

On 21/01/2025 11:11, Robin Gorris (SFPD) via midPoint wrote:
>
> Hello,
>
> Is there a way to configure ConnId properties through MidPoint 
> configuration?
>
> Context: we’re evaluating the Keycloak connector from Openstandia, 
> which has been working great.
>
> When configuring the user-to-group mappings, we need to be able to set 
> the allowPartialAttributeValues value so that the connector doesn’t 
> skip retrieving group memberships, as I understand from this bit of code:
>
> if (allowPartialAttributeValues) {
>
> // Suppress fetching groups
>
> LOGGER.ok("[{0}] Suppress fetching groups because return partial 
> attribute values is requested", instanceName);
>
> AttributeBuilder ab = new AttributeBuilder();
>
> ab.setName(ATTR_GROUPS).setAttributeValueCompleteness(AttributeValueCompleteness.INCOMPLETE);
>
> ab.addValue(Collections.EMPTY_LIST);
>
> builder.addAttribute(ab.build());
>
> } else {
>
> if (attributesToGet == null) {
>
> // Suppress fetching groups default
>
> LOGGER.ok("[{0}] Suppress fetching groups because returned by default 
> is true", instanceName);
>
> } else if (shouldReturn(attributesToGet, ATTR_GROUPS)) {
>
> // Fetch groups
>
> LOGGER.ok("[{0}] Fetching groups because attributes to get is 
> requested", instanceName);
>
> List<GroupRepresentation> groups = 
> users(realmName).get(user.getId()).groups();
>
> builder.addAttribute(ATTR_GROUPS, groups.stream().map(g -> 
> g.getId()).collect(Collectors.toList()));
>
> }
>
> }
>
> The allowPartialAttributeValues variable is a ConnID Operation Option, 
> for which I found the JavaDoc here: OperationOptions (ConnId 1.5.2.0 
> API) 
> <https://connid.tirasa.net/apidocs/1.5/org/identityconnectors/framework/common/objects/OperationOptions.html#OP_ALLOW_PARTIAL_ATTRIBUTE_VALUES>
>
> The MidPoint version we’re using is 4.8.5.
>
> Regardless of our specific context, it would be good to know if and 
> how ConnId options can be set through MidPoint configuration. I highly 
> appreciate your feedback.
>
> Kind regards,
>
> <http://www.sfpd.fgov.be/>
>
> *Robin Gorris
> *
> Build & Release
> Federale Pensioendienst
>
> <http://www.sfpd.fgov.be/><http://mypension.be/><https://www.facebook.com/Pensioendienst><http://ow.ly/1059Df><https://twitter.com/Pensioendienst><http://ow.ly/1059Nc><https://www.youtube.com/channel/UCPhdJMkumaVUWvRiNcDsbzA><https://www.google.com/maps/place/Zuidertoren/@50.837610,4.336909,19z>
>
> Denk aan het milieu vooraleer je dit bericht afdrukt!
>
>
> _______________________________________________
> midPoint mailing list
> midPoint at lists.evolveum.com
> https://lists.evolveum.com/mailman/listinfo/midpoint
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20250121/b4ad55de/attachment-0001.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image001.png
Type: image/png
Size: 2042 bytes
Desc: not available
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20250121/b4ad55de/attachment-0001.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image002.gif
Type: image/gif
Size: 1295 bytes
Desc: not available
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20250121/b4ad55de/attachment-0008.gif>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image003.gif
Type: image/gif
Size: 1224 bytes
Desc: not available
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20250121/b4ad55de/attachment-0009.gif>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image004.gif
Type: image/gif
Size: 1456 bytes
Desc: not available
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20250121/b4ad55de/attachment-0010.gif>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image005.gif
Type: image/gif
Size: 1476 bytes
Desc: not available
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20250121/b4ad55de/attachment-0011.gif>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image006.gif
Type: image/gif
Size: 1468 bytes
Desc: not available
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20250121/b4ad55de/attachment-0012.gif>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image007.gif
Type: image/gif
Size: 1146 bytes
Desc: not available
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20250121/b4ad55de/attachment-0013.gif>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image008.gif
Type: image/gif
Size: 1282 bytes
Desc: not available
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20250121/b4ad55de/attachment-0014.gif>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image009.gif
Type: image/gif
Size: 1465 bytes
Desc: not available
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20250121/b4ad55de/attachment-0015.gif>