<html>
<head>
<meta content="text/html; charset=utf-8" http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<p>Well... to be more precise: focusType check at that line expects
that the focus type is present in LensContext. But, for the
purpose of evaluation of user assignments during login, the focus
type in LensContext is not filled-in.</p>
<p>Please write the JIRA and we'll fix that.<br>
</p>
<pre class="moz-signature" cols="72">Pavol Mederly
Software developer
evolveum.com
</pre>
<div class="moz-cite-prefix">On 09.01.2017 14:41, Pavol Mederly
wrote:<br>
</div>
<blockquote
cite="mid:5a82869c-2e98-56a5-de92-0dd47e0146fb@evolveum.com"
type="cite">
<meta content="text/html; charset=utf-8" http-equiv="Content-Type">
<p>Martin,</p>
<p>I've played with your case for a while and it seems that <b><focusType>UserType</focusType></b>
is the problem. After removing it, the authorizations are
propagated correctly.<br>
</p>
<p>I'm not sure why it is so; as it should work, as far as I know.
I suspect a bug at AssignmentEvaluator:682, but I'm not sure.<br>
</p>
<p>Maybe you could file a JIRA for this.<br>
</p>
<pre class="moz-signature" cols="72">Pavol Mederly
Software developer
evolveum.com
</pre>
<div class="moz-cite-prefix">On 03.01.2017 19:10, Martin Marchese
wrote:<br>
</div>
<blockquote
cite="mid:CAG3rmdpaCK1vngOtMe4=cAFhmdTXrKKWB8OqVeMeOfOEfE8DVw@mail.gmail.com"
type="cite">
<div dir="ltr">
<div>Hi All,</div>
<div><br>
</div>
<div>Within our MidPoint 3.5 deployment, we have created an
Org Structure which induces a role to users.</div>
<div><br>
</div>
<div>This role, contains all kind of authorizations for users
(REST acccess, GUI access, etc).</div>
<div><br>
</div>
<div>Once the organization is assigned to a user, it gets the
role assigned but not the authorizations. However, if we
assign the role directly to the user, all the authorizations
are assigned OK.</div>
<div><br>
</div>
<div>I was wondering if there is not any kind of order for
authorizations (as it is for inducements). Or anything that
we might be missing in our objects?</div>
<div><br>
</div>
<div>Below, I send the examples of how our Org and Role look
like:</div>
<div><br>
</div>
<div><br>
</div>
<div>Org:</div>
<div>-----</div>
<div>
<div><org oid="00000000-0000-1de4-0009-000000000001"></div>
<div> <name>MEGC</name></div>
<div>...</div>
<div> <inducement id="6"></div>
<div> <targetRef
oid="00000000-0000-1de4-0003-000000000001"
type="RoleType"></targetRef></div>
<div> <orderConstraint></div>
<div> <orderMax>unbounded</orderMax></div>
<div> </orderConstraint></div>
<div> <focusType>UserType</focusType></div>
<div> </inducement></div>
<div>...</div>
<div></org></div>
</div>
<div><br>
</div>
<div>Role:</div>
<div>-------</div>
<div><br>
</div>
<div>
<div><role oid="00000000-0000-1de4-0003-000000000001"<br>
</div>
<div> xmlns:c="<a moz-do-not-send="true"
href="http://midpoint.evolveum.com/xml/ns/public/common/common-3">http://midpoint.evolveum.com/xml/ns/public/common/common-3</a>">
<name>MidPoint Custom User</name></div>
<div> <roleType>APPLICATION</roleType></div>
<div><span class="gmail-Apple-tab-span" style="white-space:pre"> </span><authorization></div>
<div><span class="gmail-Apple-tab-span" style="white-space:pre"> </span><description>Permisos
GUI</description></div>
<div><span class="gmail-Apple-tab-span" style="white-space:pre"> </span><action><a
moz-do-not-send="true"
href="http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#selfDashboard">http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#selfDashboard</a></action></div>
<div><span class="gmail-Apple-tab-span" style="white-space:pre"> </span><action><a
moz-do-not-send="true"
href="http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#selfCredentials">http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#selfCredentials</a></action></div>
<div><span class="gmail-Apple-tab-span" style="white-space:pre"> </span></authorization></div>
<div><span class="gmail-Apple-tab-span" style="white-space:pre"> </span>...</div>
<div></role></div>
</div>
<div><br>
</div>
<div>Thanks in Advance</div>
<div><br>
</div>
<div>
<div class="gmail_signature">
<div dir="ltr">
<div>
<div dir="ltr">
<div>
<div dir="ltr">
<div>
<div dir="ltr">
<div>
<div dir="ltr"><b><span></span><span></span>Ing.
Martín Marchese</b><br>
<img moz-do-not-send="true"
src="http://www.identicum.com/img/favicon.ico">Identicum
S.A.<br>
Jorge Newbery 3226<br>
Tel: +54 (11) 4552-3050<br>
<a moz-do-not-send="true"
href="mailto:mmarchese@identicum.com"
target="_blank">mmarchese@identicum.com</a><br>
<a moz-do-not-send="true"
href="http://www.identicum.com"
target="_blank">www.identicum.com</a></div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
<pre wrap="">_______________________________________________
midPoint mailing list
<a moz-do-not-send="true" class="moz-txt-link-abbreviated" href="mailto:midPoint@lists.evolveum.com">midPoint@lists.evolveum.com</a>
<a moz-do-not-send="true" class="moz-txt-link-freetext" href="http://lists.evolveum.com/mailman/listinfo/midpoint">http://lists.evolveum.com/mailman/listinfo/midpoint</a>
</pre>
</blockquote>
<br>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
<pre wrap="">_______________________________________________
midPoint mailing list
<a class="moz-txt-link-abbreviated" href="mailto:midPoint@lists.evolveum.com">midPoint@lists.evolveum.com</a>
<a class="moz-txt-link-freetext" href="http://lists.evolveum.com/mailman/listinfo/midpoint">http://lists.evolveum.com/mailman/listinfo/midpoint</a>
</pre>
</blockquote>
<br>
</body>
</html>