IdStory Identity Manager: Issueshttps://redmine.czechidm.com/https://redmine.czechidm.com/themes/purplemine2/favicon/favicon.ico?16339658642021-11-08T09:42:41ZIdStory Identity Manager
Redmine IdStory Identity Manager - Task #2998 (New): Bulk action IdentityRemoveRoleBulkAction has strict ...https://redmine.czechidm.com/issues/29982021-11-08T09:42:41ZRoman Kučera
<p>If you want to run this bulk action in use case, where you are only guarantee for some roles, so you can add/remove only the roles for which you are guarantee. This bulk action will fail.</p>
<p>The cause is this line <a class="external" href="https://github.com/bcvsolutions/CzechIdMng/blob/e8295b7c98b5fd216535685547c199498c2e2122/Realization/backend/core/core-impl/src/main/java/eu/bcvsolutions/idm/core/bulk/action/impl/IdentityRemoveRoleBulkAction.java#L215">https://github.com/bcvsolutions/CzechIdMng/blob/e8295b7c98b5fd216535685547c199498c2e2122/Realization/backend/core/core-impl/src/main/java/eu/bcvsolutions/idm/core/bulk/action/impl/IdentityRemoveRoleBulkAction.java#L215</a></p>
<p>Bulk action is already checking if you have the correct permission for user's contract. So maybe the line can be deleted and everything will be ok. But then tests need to performed.</p>
<p>It would be better to make the permissions similar as for bulk action for adding roles, which works correctly it the use case described above.</p> IdStory Identity Manager - Task #2969 (New): oprávnění v organizační struktuřehttps://redmine.czechidm.com/issues/29692021-10-04T12:46:07ZMartin Šplíchal
<p>Dobrý den,</p>
<p>poradíte mi prosím, jak nastavit, aby zaměstnanec který je v organizační struktuře veden jako vedoucí úseku IT viděl při přihlášení i zaměstnance pod strukturou NOC? Aktuálně vidí pouze zaměstnance ve struktuře IT administrátor a senior IT administrátor (tedy ty, co jsou přímo pod ním a ne pod další skupinou)</p>
<p><01.png></p>
<p>Zaměstnanec má tyto oprávnění:</p>
<p><2.png></p>
<p>Děkuji</p> IdStory Identity Manager - Feature #2955 (New): Add new columns for the users tablehttps://redmine.czechidm.com/issues/29552021-09-17T14:02:01ZAlena Peterováalena.peterova@bcvsolutions.eu
<p>When working with users (filtering for bulk assigning roles etc.), we often need more information about the users to be able to distinguish them. E.g. there are multiple John Doe's, and we need info about their work position.</p>
Please support new columns in the table of Users. (Maybe not by default, but as a configuration option.) We would like:
<ul>
<li>phone</li>
<li>work position (department)</li>
<li>direct manager</li>
</ul>
<p>(And the info about work position would be helpful also when selecting users for the new bulk operation - assignment of roles.)</p>
<p>Feedback from our customer.</p> IdStory Identity Manager - Feature #2925 (New): Add new filtering option into role request - hide...https://redmine.czechidm.com/issues/29252021-08-31T14:23:19ZOndřej Kopr
<p>Please add new filtering option into role request table - hide/show automatically assigned roles (auto/business roles).</p>
<p>In default state roles will be automatically shown. Filtering options hide these roles.</p>
<p>Thank you! It will be awesome.</p> IdStory Identity Manager - Feature #2915 (New): Notification break for topichttps://redmine.czechidm.com/issues/29152021-08-25T13:19:17ZVladimír Kotýnekvladimir.kotynek@bcvsolutions.eu
<p>There are provisioning breaks in CzechIdM. Please add a similar mechanism for notifications of a certain topic from IdM.<br />I'd like to be able to set limits for warning message and disalbe a topic when set threshold is exceeded. E.g. when too many virtual system requests are created or when too many password expiration notifications are sent.</p> IdStory Identity Manager - Task #2912 (New): Bulk operation to change value of identity EAVhttps://redmine.czechidm.com/issues/29122021-08-24T11:52:09ZRoman Kučera
<p>Implement bulk action for users.<br />It will allow to change some EAV value for multiple users.</p>
<p>Use-case<br />EAV with OU where user should be in AD, or name of fileserver where user should have homedir.<br />Admin needs to go and select proper values for each user.<br />It will be easier for him to select multiple users and set the correct value in one operation.</p>
<p>But in general it make sense to have the option of setting some EAV value to multiple users at once.</p>
<p>It will nice to have the option of choosing which EAV attribute you want to edit and then display the possible values (E.g code list options for selectbox, checkbox for boolean, ...)</p> IdStory Identity Manager - Task #2894 (New): Asynchronous events waiting for not executed eventhttps://redmine.czechidm.com/issues/28942021-07-20T13:32:04ZRoman Kubica
<p>When manually deleting unwanted user in IdM with process: delete user in users tab via bulk action - user have automatic roles, contract with times slices and system accounts.</p>
<p>There is a protection mode 180 days.<br />There is a processor for renaming username and removing email when operation provisoning delete. There are also other project specific processors for working with time slices and identities.</p>
<p>I would need your help to check if the delete user event (or any event) can wait for the failed event (state not executed) and stay in status running/waiting until the failed one is finished as you can see in the screenshots.</p>
<p>IdM version 10.8.3</p>
<p>Me or @kopro can provide more details if needed.</p>
<pre>
eu.bcvsolutions.idm.core.api.exception.EventContentDeletedException: Content for event [null] type [NOTIFY] for owner [ab6326c3-d550-4abb-8074-bb2badfd0bb8] on instance [idm-primary] was deleted. Event cannot be executed and will be canceled.
at eu.bcvsolutions.idm.core.model.service.impl.DefaultEntityEventManager.toEvent(DefaultEntityEventManager.java:789)
at eu.bcvsolutions.idm.core.model.service.impl.DefaultEntityEventManager.putToQueue(DefaultEntityEventManager.java:1174)
at eu.bcvsolutions.idm.core.model.service.impl.DefaultEntityEventManager.publishNotify(DefaultEntityEventManager.java:418)
at eu.bcvsolutions.idm.core.model.service.impl.DefaultEntityEventManager.changedEntity(DefaultEntityEventManager.java:407)
at eu.bcvsolutions.idm.core.model.service.impl.DefaultEntityEventManager$$FastClassBySpringCGLIB$$1694e58f.invoke(<generated>)
at org.springframework.cglib.proxy.MethodProxy.invoke(MethodProxy.java:218)
at org.springframework.aop.framework.CglibAopProxy$DynamicAdvisedInterceptor.intercept(CglibAopProxy.java:684)
at eu.bcvsolutions.idm.core.model.service.impl.DefaultEntityEventManager$$EnhancerBySpringCGLIB$$a258bf8.changedEntity(<generated>)
at eu.bcvsolutions.idm.acc.event.processor.contract.IdentityContractProvisioningProcessor.doProvisioning(IdentityContractProvisioningProcessor.java:87)
at eu.bcvsolutions.idm.acc.event.processor.contract.IdentityContractProvisioningProcessor.process(IdentityContractProvisioningProcessor.java:56)
at eu.bcvsolutions.idm.core.api.event.AbstractEntityEventProcessor.onApplicationEvent(AbstractEntityEventProcessor.java:239)
at eu.bcvsolutions.idm.core.api.event.AbstractEntityEventProcessor$$FastClassBySpringCGLIB$$df69624d.invoke(<generated>)
at org.springframework.cglib.proxy.MethodProxy.invoke(MethodProxy.java:218)
at org.springframework.aop.framework.CglibAopProxy$CglibMethodInvocation.invokeJoinpoint(CglibAopProxy.java:749)
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:163)
at org.springframework.aop.interceptor.ExposeInvocationInterceptor.invoke(ExposeInvocationInterceptor.java:93)
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:186)
at org.springframework.aop.framework.CglibAopProxy$DynamicAdvisedInterceptor.intercept(CglibAopProxy.java:688)
at eu.bcvsolutions.idm.acc.event.processor.contract.IdentityContractProvisioningProcessor$$EnhancerBySpringCGLIB$$a608f12f.onApplicationEvent(<generated>)
at org.springframework.context.event.SimpleApplicationEventMulticaster.doInvokeListener(SimpleApplicationEventMulticaster.java:172)
at org.springframework.context.event.SimpleApplicationEventMulticaster.invokeListener(SimpleApplicationEventMulticaster.java:165)
at org.springframework.context.event.SimpleApplicationEventMulticaster.multicastEvent(SimpleApplicationEventMulticaster.java:139)
at org.springframework.context.support.AbstractApplicationContext.publishEvent(AbstractApplicationContext.java:402)
at org.springframework.context.support.AbstractApplicationContext.publishEvent(AbstractApplicationContext.java:372)
at eu.bcvsolutions.idm.core.model.service.impl.DefaultEntityEventManager.process(DefaultEntityEventManager.java:251)
at eu.bcvsolutions.idm.core.model.service.impl.DefaultEntityEventManager.process(DefaultEntityEventManager.java:178)
at eu.bcvsolutions.idm.core.model.service.impl.DefaultEntityEventManager$$FastClassBySpringCGLIB$$1694e58f.invoke(<generated>)
at org.springframework.cglib.proxy.MethodProxy.invoke(MethodProxy.java:218)
at org.springframework.aop.framework.CglibAopProxy$CglibMethodInvocation.invokeJoinpoint(CglibAopProxy.java:749)
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:163)
at org.springframework.transaction.interceptor.TransactionAspectSupport.invokeWithinTransaction(TransactionAspectSupport.java:295)
at org.springframework.transaction.interceptor.TransactionInterceptor.invoke(TransactionInterceptor.java:98)
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:186)
at org.springframework.aop.framework.CglibAopProxy$DynamicAdvisedInterceptor.intercept(CglibAopProxy.java:688)
at eu.bcvsolutions.idm.core.model.service.impl.DefaultEntityEventManager$$EnhancerBySpringCGLIB$$a258bf8.process(<generated>)
at eu.bcvsolutions.idm.core.model.event.processor.event.EntityEventExecuteProcessor.process(EntityEventExecuteProcessor.java:52)
at eu.bcvsolutions.idm.core.api.event.AbstractEntityEventProcessor.onApplicationEvent(AbstractEntityEventProcessor.java:239)
at org.springframework.context.event.SimpleApplicationEventMulticaster.doInvokeListener(SimpleApplicationEventMulticaster.java:172)
at org.springframework.context.event.SimpleApplicationEventMulticaster.invokeListener(SimpleApplicationEventMulticaster.java:165)
at org.springframework.context.event.SimpleApplicationEventMulticaster.multicastEvent(SimpleApplicationEventMulticaster.java:139)
at org.springframework.context.support.AbstractApplicationContext.publishEvent(AbstractApplicationContext.java:402)
at org.springframework.context.support.AbstractApplicationContext.publishEvent(AbstractApplicationContext.java:372)
at eu.bcvsolutions.idm.core.model.service.impl.DefaultEntityEventManager.process(DefaultEntityEventManager.java:251)
at eu.bcvsolutions.idm.core.model.service.impl.DefaultEntityEventManager.process(DefaultEntityEventManager.java:178)
at eu.bcvsolutions.idm.core.model.service.impl.DefaultEntityEventManager$2.run(DefaultEntityEventManager.java:616)
at eu.bcvsolutions.idm.core.config.DelegatingTransactionContextRunnable.run(DelegatingTransactionContextRunnable.java:39)
at org.springframework.security.concurrent.DelegatingSecurityContextRunnable.run(DelegatingSecurityContextRunnable.java:84)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
at java.lang.Thread.run(Thread.java:748)
</pre> IdStory Identity Manager - Feature #2834 (New): When duplicating a role, allow duplicating the ca...https://redmine.czechidm.com/issues/28342021-05-26T07:49:57ZTomáš Doischer
<p>Currently, when duplicating a role, you can select a number of things to duplicate as well (automatic roles etc.). It would be useful to enable duplicating catalogue placement as well (place the new role in the same folder as the original one).</p> IdStory Identity Manager - Feature #2833 (New): When duplicating a role, allow duplicating the gu...https://redmine.czechidm.com/issues/28332021-05-26T07:48:40ZTomáš Doischer
<p>Currently, when duplicating a role, you can select a number of things to duplicate as well (automatic roles etc.). It would be useful to enable duplicating guarantors as well.</p> IdStory Identity Manager - Task #2831 (New): Enforce 2FAhttps://redmine.czechidm.com/issues/28312021-05-26T07:36:47ZTomáš Doischer
<p>It would be useful to be able to configure that users must use two-factor authentication. Ideally this should be set by role in the style of permissions so that you can set that only admins have to use 2FA, or every user must use it.</p> IdStory Identity Manager - Task #2523 (New): All scheduled tasks were started at once after IdM w...https://redmine.czechidm.com/issues/25232020-10-16T16:01:18ZAlena Peterováalena.peterova@bcvsolutions.eu
Version 10.4.7<br />This happened in my local environment, but I think it's potentially dangerous for production usage (e.g. when there is some longer shutdown, either planned or not planned).
<ul>
<li>IdM (Tomcat) didn't run for some time (more than 1 day)</li>
<li>I started the Tomcat</li>
<li>All tasks, that are scheduled, started almost immediately at once.</li>
</ul>
<p>Expected behavior: The tasks run at their schedule time first time in the future.</p>
<p>Reason: The scheduled times ensure some order and distribution of the tasks. There can be good reasons why something should run only at specific time (e.g. notifications, dependency on the timing of some external operation). Also some of the "maintenance" tasks should run only at night, they could consume a lot of time or resources.</p>
<p>Maybe this is connected to <a class="issue tracker-2 status-1 priority-2 priority-default prio-name-normal" title="Task: Scheduler - don't start the task when "Repeated start" fire time is in the past (New)" href="https://redmine.czechidm.com/issues/2499">#2499</a>, but that ticket can happen only by some mistake, so I think this is more critical.</p> IdStory Identity Manager - Feature #2328 (New): FE: tree select - highlight selected tree node pa...https://redmine.czechidm.com/issues/23282020-06-17T11:44:21ZRadek Tomiškaradek.tomiska@bcvsolutions.eu
<p>When tree select is shown, then currently selected node is highlighted, when parent node is expanded (~node is currently visible). When selected node is not visible (placed somewhere in structure), then nothing is highlighted - is not shown, where currently selected node is placed.<br />Highlight all parents for currently selected tree node.</p> IdStory Identity Manager - Task #1358 (New): Save tree state (expanded, selected node) in redux s...https://redmine.czechidm.com/issues/13582018-11-01T09:38:14ZRadek Tomiškaradek.tomiska@bcvsolutions.eu
<p>Save tree state in redux store to remember tree state between page (content) traversing.<br />It's needed to implement cleaning the state, when some active operation is executed with the structure (create, delete node, catalogue ...).</p>
<p>Feedback from our customer:<br />Please save the state of the expanded organization tree. It's uncomfortable to have to expand it again and again when returning e.g. from the detail of a tree node.<br />If possible, please allow also to open the detail of a selected tree node in a new tab.</p> IdStory Identity Manager - Task #1246 (New): Run tests for MSSQL and Postgres on jenkinshttps://redmine.czechidm.com/issues/12462018-09-10T06:02:00ZOndřej Kopr
<p>Now I'm unable run tests with different profile than default in submodules like ACC and etc.</p> IdStory Identity Manager - Task #724 (New): Process long running task in more threadshttps://redmine.czechidm.com/issues/7242017-09-29T10:00:12ZRadek Tomiškaradek.tomiska@bcvsolutions.eu
<p>Process items of long running task (LRT) in more threads. Requirements:<br />- use predefined thread pool, prevent resource exhaustion, rejection task for queue (moved to <a class="issue tracker-2 status-5 priority-2 priority-default prio-name-normal closed child" title="Task: Implement thread rejection policy for LRT pool (Closed)" href="https://redmine.czechidm.com/issues/1837">#1837</a>)<br />- persist state, exceptions etc. of all LRT items.<br />- prevent to process item duplicitly<br />- persist start and end of LRT.</p>
<p>Design:<br />- implement spring batch for statefull tasks.</p>