[midPoint] Role Assignment Condition Not Evaluated on Recompute

Sebastian Beetz sebastian.beetz at kogit.de
Mon Jul 14 21:35:31 CEST 2025 

Hello!

I am currently trying to introduce a condition to automatic role assignments according to https://docs.evolveum.com/midpoint/reference/support-4.8/roles-policies/automatic-role-assignment/ .
Now I want to update existing user assignments according to the condition. Problem is that the condition is not evaluated, neither through recompute nor reconcile.
When the user object is updated, e.g. by changing the description attribute, the assignment condition is correctly evaluated.

Am I missing something here? Am I doing something wrong?

The mapping in the user template looks like this:

<mapping id="3">
        <name>Role Assignment</name>
        <strength>normal</strength>
        <source>
            <path>description</path>
        </source>
        <expression>
            <value xmlns=http://midpoint.evolveum.com/xml/ns/public/common/common-3>
                <targetRef xmlns="">
                    <oid>cc65382f-28a3-40a4-84e8-822d312d61cd</oid>
                    <type>c:RoleType</type>
                </targetRef>
            </value>
        </expression>
        <target>
            <path>assignment</path>
        </target>
        <condition>
            <script>
                <code>description?.split(":")[1] != 'EXPIRED'</code>
            </script>
        </condition>
    </mapping>

I already tried different strength settings as well as omitting it completely.

As always, every help is appreciated.

Best Regards
Sebastian



Sebastian Beetz | Solution Consultant, Team Lead Internal Infrastructure
Mobil: +49 151 67806842 | Tel: +49 6151 7869-142

KOGIT GmbH | Rheinstr. 40-42 | 64283 Darmstadt
www.kogit.de<https://www.kogit.de> | LinkedIn<https://de.linkedin.com/company/kogit-gmbh> | Xing<https://www.xing.com/pages/kogitgmbh> | Instagram<https://www.instagram.com/kogit_gmbh/>

Gesch?ftsf?hrer: Gerald Kaufhold
Amtsgericht Darmstadt | HRB 8640 | Ust-IdNr: DE224251141
Datenschutzhinweise | www.kogit.de/datenschutz<https://www.kogit.de/datenschutz>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20250714/1dea1cf7/attachment-0001.htm>

More information about the midPoint mailing list