Feature #3161
closed
Support for multiple provisioning mappings
100%
Related issues
Updated by Roman Kučera almost 2 years ago
- Blocks Feature #3154: Provisioning of technical accounts added
Updated by Roman Kučera almost 2 years ago
- Blocks Feature #3155: Provisioning of other accounts added
Updated by Roman Kučera almost 2 years ago
- Status changed from New to In Progress
- Assignee set to Roman Kučera
Updated by Roman Kučera almost 2 years ago
- % Done changed from 0 to 40
Implementation is still in progress in https://github.com/bcvsolutions/CzechIdMng/tree/kucerar/3161-multiple-provisioning-mapping
What is working- create multiple provisioning mapping from FE
- Saving provisioning mapping id to AccAccount as new attribute in table.
- Using this saved provisioning id in provisioning
- Value for provisioning id is used from role system mapping.
- Create and update via multiple provisioning works on VS after some basic testing
refactor, cleanup- tests
debug operations if provisioning id is loaded correctly from AccAccountTest it against real systemAdd selectbox with mapping when user wants to create account manually- maybe some other stuff :)
Updated by Roman Kučera almost 2 years ago
- % Done changed from 40 to 60
- We have accounts on system, but they are without relation to provisioning mapping
- During provisioning we will update the account a create the relation
Mapping is search in role for identity
For all other entities we will get first from system (in most cases there will be only one so it should be no issue)
tests - some tests are broken, I need to validate why is that (I think some of them must be broken even before)test again real systemflywaymaybe some other stuff :)
Updated by Roman Kučera over 1 year ago
- Sprint set to Sprint 12.3-1 (Aug 03 - Aug 17)
Updated by Roman Kučera over 1 year ago
- Status changed from In Progress to Needs feedback
- Assignee changed from Roman Kučera to Tomáš Doischer
- % Done changed from 60 to 90
@doischert can you do a review please?
https://github.com/bcvsolutions/CzechIdMng/pull/246
Updated by Tomáš Doischer over 1 year ago
- Status changed from Needs feedback to In Progress
- Assignee changed from Tomáš Doischer to Roman Kučera
- % Done changed from 90 to 80
The code looks good and I have very minor notes.
During testing, I found that roles with permissions on the system (as in AD groups) will still be provisioned even if the mapping used in the role is different than the one on the account. This should be changed.
Updated by Roman Kučera over 1 year ago
- Precedes Feature #3160: Connect synchronization mapping with provisioning mapping by account type added
Updated by Roman Kučera over 1 year ago
I also tested following behavior
- I have user without roles
- I have system (VS) with two provisioning mapping. Each mapping has "rights" attribute for permissions
- I have two login roles, one for each mapping
- I have permissions roles for first mapping (option to create account is not selected in role)
- Assign first login role together with permission roles.
- User has account with two permissions
- Change mapping on account detail to the other one.
- Resave user and values from attribute "rights" are removed. Account still exists a only value which changed is the "rights" attribute
- Change mapping back
- Resave user a values in "rights" attributes are back.
I also tested use case, where permission roles has "create account" checked and it behaves exactly in the same way.
This behavior look good to me. But we can discuss it more.
Updated by Roman Kučera over 1 year ago
- Status changed from In Progress to Needs feedback
- Assignee changed from Roman Kučera to Tomáš Doischer
Updated by Tomáš Doischer over 1 year ago
- Status changed from Needs feedback to Resolved
- Assignee changed from Tomáš Doischer to Roman Kučera
- % Done changed from 80 to 100
Thank you, merged to develop.
Updated by Tomáš Doischer about 1 year ago
- Status changed from Resolved to Closed