Task #2985
closed
Synchronization of group memberships does not work when account uid is different in IdM and on system
Added by Peter Štrunc over 2 years ago.
Updated over 2 years ago.
Description
When searching for an identity to which it should assign roles, role synchronization assumes that the connector-object uid is the same as the IdentityAccount uid. This is not always true, because the account identifier can be different (for example, when the uid is generated by the system).
- Status changed from New to Needs feedback
- % Done changed from 0 to 70
I developed a somewhat naive solution, using the SysSystemEntityDto uid, which is always the same as the connector-object uid. The drawback is that for each member, sync now does two more db queries (those queries are fairly quick though).
It would not be too big a hassle to implement a specific criteria query for searching for IdentityAccount by the corresponding SystemEntity uid, but I need this functionality quickly.
Everything is here: https://github.com/bcvsolutions/CzechIdMng/commit/9f1cd8d67218452efff58884c69da569ac3aa3de
I ran all the tests and it looks good. I also tested it in a project environment and it now works as expected there too. @svandav Would you please review my changes?
- Target version set to 11.2.2
- Status changed from Needs feedback to Resolved
- % Done changed from 70 to 100
- Related to Task #2986: Refactor SysSystemEntityRepository find method to criteria. added
- Status changed from Resolved to Closed