<div dir="ltr"><div dir="ltr">In this test version, I'm trying to assign the same role just for testing. I wanted to see if I could just get a user assigned to this static role.<div><br></div><div><div><br></div><div> <i> <inbound id="372"></i></div><div><i> <authoritative>false</authoritative></i></div><div><i> <exclusive>false</exclusive></i></div><div><i> <strength>strong</strength></i></div><div><i> <expression></i></div><div><i> <value></i></div><div><i> <targetRef oid="c50396ff-14a7-423e-a513-ff28c8bc91ee" type="c:RoleType"/></i></div><div><i> </value></i></div><div><i> </expression></i></div><div><i> <target></i></div><div><i> <c:path>assignment</c:path></i></div><div><i> </target></i></div><div><i> </inbound></i></div></div><div><br></div><div><br></div><div><br></div></div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Tue, Apr 9, 2019 at 11:06 AM Jason Everling <<a href="mailto:jeverling@bshp.edu">jeverling@bshp.edu</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="ltr">what is this? are you trying to just assign the same role to everyone? You can assign a role to everyone using your user template like the end user role<br><br><div style="color:rgb(80,0,80)"> <expression></div><div style="color:rgb(80,0,80)"> <value></div><div style="color:rgb(80,0,80)"> <targetRef oid="c50396ff-14a7-423e-a513-ff28c8bc91ee" type="c:RoleType"/></div><div style="color:rgb(80,0,80)"> </value></div><div style="color:rgb(80,0,80)"> </expression></div><div style="color:rgb(80,0,80)"><br></div><div style="color:rgb(80,0,80)"><br></div><div><div dir="ltr" class="gmail-m_2407845088830972628gmail_signature"><div dir="ltr">JASON</div></div></div><br></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Tue, Apr 9, 2019 at 9:49 AM Justin Stanczak <<a href="mailto:rizenine@gmail.com" target="_blank">rizenine@gmail.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="ltr"><div dir="ltr"><div>Here's what I just tried this morning. I can get the account to link but the role does not get added. </div><div><br></div><div><schema></div><div> <cachingMetadata></div><div> <retrievalTimestamp>2019-04-09T09:36:54.692-04:00</retrievalTimestamp></div><div> <serialNumber>5f04ae80be872350-b2c11dd7e1f3fd2d</serialNumber></div><div> </cachingMetadata></div><div> <definition></div><div> <xsd:schema xmlns:a="<a href="http://prism.evolveum.com/xml/ns/public/annotation-3" target="_blank">http://prism.evolveum.com/xml/ns/public/annotation-3</a>" xmlns:ra="<a href="http://midpoint.evolveum.com/xml/ns/public/resource/annotation-3" target="_blank">http://midpoint.evolveum.com/xml/ns/public/resource/annotation-3</a>" xmlns:tns="<a href="http://midpoint.evolveum.com/xml/ns/public/resource/instance-3" target="_blank">http://midpoint.evolveum.com/xml/ns/public/resource/instance-3</a>" xmlns:xsd="<a href="http://www.w3.org/2001/XMLSchema" target="_blank">http://www.w3.org/2001/XMLSchema</a>" elementFormDefault="qualified" targetNamespace="<a href="http://midpoint.evolveum.com/xml/ns/public/resource/instance-3" target="_blank">http://midpoint.evolveum.com/xml/ns/public/resource/instance-3</a>"></div><div> <xsd:import namespace="<a href="http://prism.evolveum.com/xml/ns/public/annotation-3" target="_blank">http://prism.evolveum.com/xml/ns/public/annotation-3</a>"/></div><div> <xsd:import namespace="<a href="http://midpoint.evolveum.com/xml/ns/public/connector/icf-1/resource-schema-3" target="_blank">http://midpoint.evolveum.com/xml/ns/public/connector/icf-1/resource-schema-3</a>"/></div><div> <xsd:import namespace="<a href="http://midpoint.evolveum.com/xml/ns/public/resource/annotation-3" target="_blank">http://midpoint.evolveum.com/xml/ns/public/resource/annotation-3</a>"/></div><div> <xsd:complexType name="AccountObjectClass"></div><div> <xsd:annotation></div><div> <xsd:appinfo></div><div> <ra:resourceObject/></div><div> <ra:identifier>icfs:uid</ra:identifier></div><div> <ra:secondaryIdentifier>icfs:name</ra:secondaryIdentifier></div><div> <ra:displayNameAttribute>icfs:name</ra:displayNameAttribute></div><div> <ra:namingAttribute>icfs:name</ra:namingAttribute></div><div> <ra:nativeObjectClass>__ACCOUNT__</ra:nativeObjectClass></div><div> <ra:kind>account</ra:kind></div><div> <ra:default>true</ra:default></div><div> </xsd:appinfo></div><div> </xsd:annotation></div><div> <xsd:sequence></div><div> <xsd:element name="ROLE" type="xsd:string"></div><div> <xsd:annotation></div><div> <xsd:appinfo></div><div> <a:displayOrder>120</a:displayOrder></div><div> <ra:frameworkAttributeName>ROLE</ra:frameworkAttributeName></div><div> </xsd:appinfo></div><div> </xsd:annotation></div><div> </xsd:element></div><div> <xsd:element ref="icfs:name"></div><div> <xsd:annotation></div><div> <xsd:appinfo></div><div> <a:displayName>ConnId Name</a:displayName></div><div> <a:displayOrder>110</a:displayOrder></div><div> <ra:frameworkAttributeName>__NAME__</ra:frameworkAttributeName></div><div> </xsd:appinfo></div><div> </xsd:annotation></div><div> </xsd:element></div><div> <xsd:element name="BANNERID" type="xsd:decimal"></div><div> <xsd:annotation></div><div> <xsd:appinfo></div><div> <a:displayOrder>130</a:displayOrder></div><div> <ra:frameworkAttributeName>BANNERID</ra:frameworkAttributeName></div><div> </xsd:appinfo></div><div> </xsd:annotation></div><div> </xsd:element></div><div> <xsd:element minOccurs="0" ref="icfs:uid"></div><div> <xsd:annotation></div><div> <xsd:appinfo></div><div> <a:displayName>ConnId UID</a:displayName></div><div> <a:displayOrder>100</a:displayOrder></div><div> <a:access>read</a:access></div><div> </xsd:appinfo></div><div> </xsd:annotation></div><div> </xsd:element></div><div> </xsd:sequence></div><div> </xsd:complexType></div><div> </xsd:schema></div><div> </definition></div><div> </schema></div><div> <schemaHandling></div><div> <objectType id="169"></div><div> <kind>account</kind></div><div> <default>true</default></div><div> <objectClass>ri:AccountObjectClass</objectClass></div><div> <association id="371"></div><div> <c:ref>ri:group</c:ref></div><div> <tolerant>false</tolerant></div><div> <exclusiveStrong>false</exclusiveStrong></div><div> <inbound id="372"></div><div> <authoritative>false</authoritative></div><div> <exclusive>false</exclusive></div><div> <strength>strong</strength></div><div> <expression></div><div> <value></div><div> <targetRef oid="c50396ff-14a7-423e-a513-ff28c8bc91ee" type="c:RoleType"/></div><div> </value></div><div> </expression></div><div> <target></div><div> <c:path>assignment</c:path></div><div> </target></div><div> </inbound></div><div> <kind>entitlement</kind></div><div> <intent>group</intent></div><div> <direction>objectToSubject</direction></div><div> <associationAttribute>ri:ROLE</associationAttribute></div><div> <valueAttribute>icfs:name</valueAttribute></div><div> <explicitReferentialIntegrity>false</explicitReferentialIntegrity></div><div> </association></div><div> </objectType></div><div> <objectType id="369"></div><div> <kind>entitlement</kind></div><div> <intent>group</intent></div><div> <default>false</default></div><div> <objectClass>ri:AccountObjectClass</objectClass></div><div> </objectType></div><div> </schemaHandling></div><div> <synchronization></div><div> <objectSynchronization></div><div> <kind>account</kind></div><div> <enabled>true</enabled></div><div> <correlation></div><div> <q:equal></div><div> <q:path>c:name</q:path></div><div> <expression xmlns=""></div><div> <path>$account/attributes/icfs:name</path></div><div> </expression></div><div> </q:equal></div><div> </correlation></div><div> <reconcile>false</reconcile></div><div> <reaction></div><div> <situation>unlinked</situation></div><div> <synchronize>true</synchronize></div><div> <reconcile>false</reconcile></div><div> <action></div><div> <handlerUri><a href="http://midpoint.evolveum.com/xml/ns/public/model/action-3#link" target="_blank">http://midpoint.evolveum.com/xml/ns/public/model/action-3#link</a></handlerUri></div><div> </action></div><div> </reaction></div><div> </objectSynchronization></div><div> <objectSynchronization></div><div> <kind>entitlement</kind></div><div> <intent>group</intent></div><div> <enabled>true</enabled></div><div> <correlation></div><div> <q:equal></div><div> <q:path>c:name</q:path></div><div> <expression xmlns=""></div><div> <path>$account/attributes/ri:ROLE</path></div><div> </expression></div><div> </q:equal></div><div> </correlation></div><div> <reconcile>false</reconcile></div><div> <reaction></div><div> <situation>unlinked</situation></div><div> <reconcile>false</reconcile></div><div> <action></div><div> <handlerUri><a href="http://midpoint.evolveum.com/xml/ns/public/model/action-3#link" target="_blank">http://midpoint.evolveum.com/xml/ns/public/model/action-3#link</a></handlerUri></div><div> </action></div><div> </reaction></div><div> </objectSynchronization></div><div> </synchronization></div></div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Tue, Apr 9, 2019 at 9:49 AM Jason Everling <<a href="mailto:jeverling@bshp.edu" target="_blank">jeverling@bshp.edu</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="ltr">The sample is using a condition to check for the role type attribute that is set to 'auto' and then it is matching name that equals 'auto' + the name of the entitlement . You can try it for dev purposes without the condition and then adjust the script to <span style="color:rgb(0,0,0);font-family:Consolas,"Bitstream Vera Sans Mono","Courier New",Courier,monospace;font-size:14px;white-space:nowrap">return entitlement?.getName(); </span><span style="color:rgb(0,0,0);white-space:nowrap"><font face="arial, helvetica, sans-serif">You can also post your definition for association here,</font></span><div><div><div><br></div></div></div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Mon, Apr 8, 2019 at 3:08 PM Justin Stanczak <<a href="mailto:rizenine@gmail.com" target="_blank">rizenine@gmail.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr">I do have a default role assigned in the user template. I tried the associations from (<a href="https://wiki.evolveum.com/display/midPoint/Inbound+Mapping" target="_blank">https://wiki.evolveum.com/display/midPoint/Inbound+Mapping</a>) the docs but I can't get it to work. Not sure what I'm doing wrong. Some of the docs seem to be incomplete. I'm inducing resources and assigning roles. I'm a bit unsure about the intent and entitlement part of associations. Thanks.</div><div dir="ltr"><br></div><div dir="ltr">
<br></div><div dir="ltr"><objectTemplate .....<br></div><div dir="ltr"><i> <mapping id="2"></i></div><div dir="ltr"><i> <name>end user role</name></i></div><div dir="ltr"><i> <strength>strong</strength></i></div><div dir="ltr"><i> <expression></i></div><div dir="ltr"><i> <assignmentTargetSearch xmlns:xsi="<a href="http://www.w3.org/2001/XMLSchema-instance" target="_blank">http://www.w3.org/2001/XMLSchema-instance</a>" xsi:type="c:AssignmentTargetSearchExpressionEvaluatorType"></i></div><div dir="ltr"><i> <targetType>c:RoleType</targetType></i></div><div dir="ltr"><i> <oid>9a355bd4-07b3-44e5-8708-caa43e94c2b6</oid></i></div><div dir="ltr"><i> </assignmentTargetSearch></i></div><div dir="ltr"><i> </expression></i></div><div dir="ltr"><i> <target></i></div><div dir="ltr"><i> <c:path>assignment</c:path></i></div><div dir="ltr"><i> </target></i></div><div dir="ltr"><i> </mapping></i></div><div dir="ltr">.....objectTemplate ><br></div><div dir="ltr"><br></div><div dir="ltr"><br></div></div></div></div></div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Mon, Apr 8, 2019 at 3:47 PM Jason Everling <<a href="mailto:jeverling@bshp.edu" target="_blank">jeverling@bshp.edu</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="ltr">looks like it is trying to replace the end user role but that is assigned from a strong condition in your default user template. You can create inbound assignment mappings from association.</div>
</blockquote></div></div>
_______________________________________________<br>
midPoint mailing list<br>
<a href="mailto:midPoint@lists.evolveum.com" target="_blank">midPoint@lists.evolveum.com</a><br>
<a href="http://lists.evolveum.com/mailman/listinfo/midpoint" rel="noreferrer" target="_blank">http://lists.evolveum.com/mailman/listinfo/midpoint</a><br>
</blockquote></div>
_______________________________________________<br>
midPoint mailing list<br>
<a href="mailto:midPoint@lists.evolveum.com" target="_blank">midPoint@lists.evolveum.com</a><br>
<a href="http://lists.evolveum.com/mailman/listinfo/midpoint" rel="noreferrer" target="_blank">http://lists.evolveum.com/mailman/listinfo/midpoint</a><br>
</blockquote></div>
_______________________________________________<br>
midPoint mailing list<br>
<a href="mailto:midPoint@lists.evolveum.com" target="_blank">midPoint@lists.evolveum.com</a><br>
<a href="http://lists.evolveum.com/mailman/listinfo/midpoint" rel="noreferrer" target="_blank">http://lists.evolveum.com/mailman/listinfo/midpoint</a><br>
</blockquote></div>
_______________________________________________<br>
midPoint mailing list<br>
<a href="mailto:midPoint@lists.evolveum.com" target="_blank">midPoint@lists.evolveum.com</a><br>
<a href="http://lists.evolveum.com/mailman/listinfo/midpoint" rel="noreferrer" target="_blank">http://lists.evolveum.com/mailman/listinfo/midpoint</a><br>
</blockquote></div>