Tracy McClain
@TracyMcClain
Question on Confluence Task Manager for Clustering and High Availability...I understand the process when a node goes down or crashes how a task is restarted on another node, but is the Task Manager itself HA?
Martin Lízner
@martin-lizner
Hi, I think Nexus got coronavirus, pls cure it :-)
Radovan Semancik
@semancik
Tracy: We are using Quartz scheduler as a base for task manager. There is no special "task manager" node, it is a distributed component embedded in every midPoint instance. Synchronization is done on top of Quartz database tables. Therefore yes, the task manager is itself HA. In fact, the single point of failure is the database (but that can be clustered too).
Martin: what's wrong with the localization? Maybe it is caused by Monday morning, but I do not see the problem :-)
Petr Gašparík
@PetrGasparik
@semancik : nexus should have newer artifact
Petr Gašparík
@PetrGasparik
update: nexus did tick, there is newer artifact! (although the circumstances of time of tick are fuzzy :)
Petr Gašparík
@PetrGasparik
Demo is down.
Radovan Semancik
@semancik
MidPoint 4.1 will be released (most likely) today. Just waiting for one more commit and I'm starting the launch countdown.
Radovan Semancik
@semancik
Ah, I forgot to mention last week: support-4.1 branch is not yet created. We are still committing bugfixes to master, bugfixes that are targeted both for 4.2 and 4.1.1. Part of the team takes it easy this week after the release and Easter. We will avoid some amount of cherrypicking in this way.
I will create support branch probably early next week.
Radovan Semancik
@semancik
Support branch was created
Petr Gašparík
@PetrGasparik
18th language for midPoint - Dutch!
Please review and merge this PR : Evolveum/midpoint#118
Petr Gašparík
@PetrGasparik
image.png
looks good!
mahendradoodi
@mahendradoodi
Question - Able to create AD Group by midpoint role using meta role but unable to make object policy work for reverse . AD Group creation to midpoint role creation automatically. Is there a simple configuration option available
Radovan Semancik
@semancik
@mahendradoodi This chat is meant for developer and contributor coordination. It is not a support forum. I would suggest to use midPoint mailing lists instead: https://lists.evolveum.com/mailman/listinfo/
Hiroyuki Wada
@wadahiro
@semancik Hi, I developed a new connector which is for Keycloak: https://github.com/openstandia/connector-keycloak
Could you list it on the connector list table?
Radovan Semancik
@semancik
@wadahiro Thank you. I have added the connector to the list.
Radovan Semancik
@semancik
We are almost at the point of feature freeze. A few more hours and there will be M3 and feature freeze for midPoint 4.2.
Radovan Semancik
@semancik
We are close to 4.2 release now. Still fixing bugs, but we are close. MidPoint 4.2 may be released on Friday, or maybe a few days later.
Radovan Semancik
@semancik
midPoint 4.2 release procedure starting ...
Hiroyuki Wada
@wadahiro
@semancik Happy New Year!
I've developed three new connectors! Could you list them on the connector list table?
Radovan Semancik
@semancik
Thank you, @wadahiro. The connectors are added to the list.
fefa2k
@fefa2k
Hello there, I'm evaluating midpoint and on my checklist I have "the ability to push events after a change happens" like when a user has been deleted, to push those changes to a RabbitMQ queue, is that possible nowadays with midpoint?
mederly
@mederly
@fefa2k If you want midPoint to emit simple notifications like "this object was added, modified or deleted", you can use so-called custom notification transport - see https://wiki.evolveum.com/display/midPoint/Custom+notification+transport+HOWTO. (I.e. you would need to insert your own Groovy, JS, or whatever code that would send appropriate message to a RabbitMQ queue.) However, starting from 4.3-M1 there is an experimental feature of "serious" asynchronous provisioning - see https://wiki.evolveum.com/display/midPoint/Asynchronous+%28Messaging%29+Outbound+Resources. The difference between the two approaches is that the latter can utilize the full power of midPoint transformational engine (using mappings, object templates, metaroles, and the like) to derive the content of messages that are sent out. In other words, you can create a remote "projection" of your midPoint users and manage it just like you manage your LDAP, AD, CSV, or whatever "online" resources. Just refer to the wiki links above.
fefa2k
@fefa2k
great, thank you @mederly, the idea we have is to have an already deployed software that reads from a RMQ queue and applies whatever changes were done to the users in their local system (ie. DB, Google admin, whatever...)
mederly
@mederly
@fefa2k Yes. I understand. In usual midPoint deployments, however, this functionality is provided by (synchronous) midPoint connectors. The direct advantage is better troubleshooting, and - in particular - the ability to do "full reconciliation" of a target resource against midPoint. I would recommend to lean towards this architecture, at least in the long run.
Petr Gašparík
@PetrGasparik
@fefa2k if you want just synchronization hub, the idea is ok. Once you need to do auditing and reporting, that's different level.
Sven Lukrafka
@sven.lukrafka_gitlab
Hello, we are planning a contribution to the Ldap-Connector. Does one of you have time for a chat about this?
Radovan Semancik
@semancik
Hi Sven. Any contribution is more than welcome. Let's chat here.
Hiroyuki Wada
@wadahiro
@semancik Hello, I've developed new connector, GitHub Connector. Could you add to the connector list? Thanks in advance.
https://github.com/openstandia/connector-github
Radovan Semancik
@semancik
Thank you Hiroyuki, connector added to the list. Looks like you got up to speed with connector development. I really appreciate that!
Viliam Repan
@1azyman
Hi all, new version of intellij idea midpoint studio plugin was just published and is available on jetbrains marketplace:
milestone: 4.4-125
nightly: 4.4-216-nightly
smntx
@smntx
Hi, everybody. Please excuse the noob question - I'm in need of looking into authorized user session objects. Could someone direct me to the right debugging tech to do it, please?
Brandon Powers
@bpowers1215

Hi everyone. When we implement MidPoint for our clients, we take full advantage of the RBAC capabilities by applying inducements to the org hierarchy orgs and other roles. This grants a standard set of access to the identities by way of things like a person's job title/position. Since there are exceptions to every rule, occasionally identities have direct assignments of specific roles.

The user assignments page is great in that it shows all assignments a user has - broken down by both direct and indirect assignments (granted through the org/role inducements).

Our current challenge is that occasionally, a user's direct assignment may be elevated to a standard indirect assignment by way of org/role inducements (e.g. the exception becomes part of the RBAC - no longer an exception). In such scenarios, we'd like the direct assignment to somehow be auto lifted, but we're finding it difficult to get at the direct/indirect assignment information that the user assignments tab presents.

Is there midpoint utility or model that easily calculates or otherwise reports all direct and indirect assignments (and which they are) to be used in such a scenario? (note, user role membership refs don't inform how the role got there, just that it is there)

mederly
@mederly
Hello @bpowers1215 ! This should be the code that obtains the assignment information to be displayed on the user assignments tab: https://github.com/Evolveum/midpoint/blob/109771af5260d38ccc0e9e67e007a824d51fb397/gui/admin-gui/src/main/java/com/evolveum/midpoint/web/page/admin/PageAdminFocus.java#L642-L711.
The "interface" (i.e. the EvaluatedAssignment class and its content) is not very clean nor documented - yet. But maybe you would be able to obtain the information you need.
Anyway, what you need - if I am not mistaken - is to obtain a set of EvaluatedAssignments and their targets, and check if a specific target is reachable both directly and indirectly, via different values of $user/assignment. Be sure to check for validity, condition status, inducement orders, and so on. Everything should be there (so no need to e.g. evaluate conditions yourself), but be sure to take those flags into account.
Brandon Powers
@bpowers1215
Thanks @mederly. We actually have been taking a look at that very code. But we found that it seems to be dependent on a user model that is only attainable through an event like modification, or in this case, recomputation? So a recompute task is kicked off in the function you mentioned to obtain this. Am I reading this correctly, or is there another way to detect this information? It seems context will matter as we are hoping to achieve insight of direct/indirect assignments to remove duplicate direct assignments either in a scripted task or an inbound mapping using assignment target search.
mederly
@mederly
Yes. The information about direct/indirect assignment details is a by-product of a processing of user in so-called Projector. That's a central component in midPoint that takes a situation (focus object, optionally its deltas, and projections), and computes changes that should be applied on the object and its projections. Besides many other things, this projector evaluates also user assignments and their implications. Currently this is the only way how to get this information about assignment details. (I.e. it is not stored in the repository.)
So it is not a "cheap" operation (taking let's say milliseconds or tens of milliseconds). It will take more, depending on your particular situation, maybe hundreds of milliseconds or more.
But this Projector processing can be invoked in any situation. No specific requirements are there.
These are two key lines from the code snippet we are talking about:
Instead of Collections.singleton(delta) you should send an empty collection of deltas - as there are none to be processed.
And you can use this code safely in e.g. scripted task. That would be the best place in my opinion.
mederly
@mederly
If the performance is a concern, you could experiment with so-called partial processing options to disable parts of the Projector processing. E.g. inbound and outbound mappings can be safely turned off, I think. For the overview of the whole Projector process please see this (unfinished) document: https://docs.evolveum.com/midpoint/devel/design/projector-and-clockwork-internals/