Project

General

Profile

Actions

Task #2883

closed

Cross-domains

Added by Vít Švanda over 3 years ago. Updated about 3 years ago.

Status:
Closed
Priority:
High
Assignee:
Vít Švanda
Category:
Systems
Target version:
Start date:
07/12/2021
Due date:
% Done:

100%

Estimated time:
150.00 h
Owner:

Related issues

Related to IdStory Identity Manager - Task #2875: Cross-domains - analysisClosedVít Švanda07/08/2021

Actions
Actions #1

Updated by Vít Švanda over 3 years ago

  • Estimated time set to 150.00 h
Actions #2

Updated by Vít Švanda over 3 years ago

  • Related to Task #2875: Cross-domains - analysis added
Actions #3

Updated by Vít Švanda over 3 years ago

  • Priority changed from Normal to High
Actions #4

Updated by Vít Švanda over 3 years ago

  • Status changed from New to In Progress
Actions #5

Updated by Vít Švanda over 3 years ago

  • % Done changed from 0 to 10
Actions #6

Updated by Vít Švanda over 3 years ago

  • % Done changed from 10 to 30
  • Automatic and business roles create accounts even if default creation is disabled!
  • Role deduplication supports idm-role-system now.
  • Concept detail show system (in edit mode too).
Actions #7

Updated by Vít Švanda over 3 years ago

The system is displayed in the IdentityRole table. The IdentityRole table now has configurable columns.

Actions #8

Updated by Vít Švanda over 3 years ago

  • % Done changed from 30 to 40
Actions #9

Updated by Vít Švanda over 3 years ago

  • % Done changed from 40 to 50
Actions #10

Updated by Vít Švanda over 3 years ago

  • % Done changed from 50 to 60
Actions #11

Updated by Vít Švanda over 3 years ago

I found big issue with overridding attributes in case where UID attribute is overridden. In this scenario, I am unable to evaluate which group (to which account) the attribute belongs to because I don't have a link between the account and the identity. As a workaround, I made a decision/constraint:

A role that is in a cross-domain group and or is no-login cannot overload a UID attribute.

The implementation solves the problem by looking up the overloaded attributes to see if any of the standard attributes overloads the UID attribute, if so I don't look for any additional attributes. If not, I find any attributes that are in a cross-domain group or are no-login.

Actions #12

Updated by Vít Švanda over 3 years ago

  • % Done changed from 60 to 70

Solved problem with IdmRoleThin entity. Disable filter validation in IC module.

Actions #13

Updated by Vít Švanda over 3 years ago

With Roman, we successfully tested cross-domains with using IdM and WinRM connector together.
  • I implemented first 3 tests for cross-domains in IdM.
Actions #14

Updated by Vít Švanda over 3 years ago

  • After discussion, I implemented new feature. Values from others cross-domain systems are returned on FE (on a detail of Account) now.
  • Provisioning was redesigned for this feature and for prevent useless loadings (performance).
  • Next complex test for cross-domain was added.
Actions #15

Updated by Vít Švanda over 3 years ago

  • % Done changed from 70 to 80
  • Implemented next tests for cross-domains and no-login role feature.
  • I changed implementation for automatic and business role - accounts are not created now (for roles in cross-domain groups or for no-login roles).
  • Tests for automatic and business roles implemented too.

All changes are merged in the develop now.
Commit: https://github.com/bcvsolutions/CzechIdMng/commit/dfc8c58f400c4854602c4d4deb4318fddd479d01

Actions #16

Updated by Vít Švanda over 3 years ago

Actions #17

Updated by Vít Švanda over 3 years ago

  • Status changed from In Progress to Needs feedback
  • Assignee changed from Vít Švanda to Radek Tomiška
  • % Done changed from 80 to 90
Actions #18

Updated by Radek Tomiška over 3 years ago

  • Status changed from Needs feedback to In Progress
  • Assignee changed from Radek Tomiška to Vít Švanda

I did code review and test basic functionality. Feature is really complex, good job.

I found only minor review notes:
- [minor] MSSQL change script - varchar data type is forgotten for description (=> nvarchar(2000))
- [minor] SYSTEMGROUP - ADMIN permission is missing in enumeration (=> item missing on FE for configuration)
- [minor] DefaultSysSystemGroupSystemService#saveInternal - @Transactional annotation is missing
- [minor] I like assigned role table columns are configurable now, awesome! Add pls new configuration property with available columns descrition into doc https://wiki.czechidm.com/devel/documentation/application_configuration/dev/backend#applicationserver
- [trivial] IdmRoleSystemFilter - constructors are before fields
- [trivial] SystemGroup and SystemGroupService shares the same permission group - I'm not sure if this will work in all use cases (~ on FE are two permissions anyway)
- [trivial] Help icon is missing on filter with like usage in system group agenda
- [note only] I like count method usage, this can improve performance.
- [note only] I like newly created data filters (e.g. SysSystemGroupSystemFilter.java ), thx :) !
- [note only] Warnings are in code (unused imports, unused fields, missing serial version id etc.)
- [note only] Rest test for newly created controllers (e.g. SysSystemGroupController) and bulk actions are missing (~ find / getPredicates method is not fully tested)
- [note only] #applyContext method can be used instead #toDto method (~ no functional impact, just possibility to arrange code)

Actions #19

Updated by Vít Švanda over 3 years ago

  • Status changed from In Progress to Needs feedback
  • Assignee changed from Vít Švanda to Radek Tomiška

Thanks for feedback. You have good eye (MS SQL script for example).

I fixed all minor and trivial issues (I hope) and I tried remove all unused imports.

Commits:

https://github.com/bcvsolutions/CzechIdMng/commit/a2e1799bdc63b0a9c26505552f8d3e8ec11275ef
https://github.com/bcvsolutions/CzechIdMng/commit/9eb2ff9e8ca6999b092114f58bd737a5e818e289

Actions #20

Updated by Radek Tomiška over 3 years ago

  • Status changed from Needs feedback to Resolved
  • Assignee changed from Radek Tomiška to Vít Švanda
  • % Done changed from 90 to 100

I did code revie again, thx for fixes.

Actions #21

Updated by Radek Tomiška about 3 years ago

  • Status changed from Resolved to Closed
Actions

Also available in: Atom PDF