Task #513
closed
Identity account agenda displays wrong account - system mapping
Added by Jan Helbich over 7 years ago.
Updated over 7 years ago.
Category:
Account managment
Description
Please take a look at attached image.
I have role "ISOP-uzivatel" - assigns system "ISOP - uzivatele" and role "LDAP" - assigns system "LDAP - uzivatele". UIDs are the same for both systems. Therefore I'd expect the user to have 2 accounts (corrects), which point to both systems - fails here and shows only ISOP - uzivatele.
The really strange thing here is that sometimes this does not happen and account are displayed right.
Files
Another weird usecase:
I had protected mode on a system (LDAP), clicked: Users -> myuser@example -> Accounts -> select account -> remove. Now the account fell into the protected mode.
The user had 2 contracts, both have automatic role (LDAP - user) assigned, therefore the user now has 2 roles LDAP-user and 1 LDAP account in protected mode. So far so good.
Now I wanted to force IdM to cancel the protection on the account, therefore I've added another LDAP-user role to my user. As a result, the protected mode was cancelled (good), but there are 3 account displayed now in the agenda (bad). Please take a look at attached screenshot.
- Assignee changed from Vít Švanda to Radek Tomiška
- Related to Task #243: Identity profile - account list added
- % Done changed from 0 to 10
I've reproduced the second scenario - this is correct behavior, i think, because identity accounts are shown in the identity accounts table - relations to accounts (see #243) and you have three roles at the end.
I continue with the first scenario.
- Status changed from New to In Progress
- Assignee changed from Radek Tomiška to Jan Helbich
I'm not able to reproduce the first scenario. Had you roles assigned by automatic role or manually or account was created manually?
- Status changed from In Progress to Needs feedback
- Assignee changed from Jan Helbich to Vít Švanda
- Target version changed from Diamond (7.4.0) to Citrine (7.3.0)
- % Done changed from 10 to 90
After some consultation with Honza and Marcel (thx for them), i was able to reproduce all issues:
- fixed: identity accounts were not created for all identity roles on the same role and target system - i've moved check to different stream (we could find better place, when review will be done)
- fixed: identity accounts was assigned to random target system (restriction to target system in account mapping was missing)
Could you pls do a test and review?
- Status changed from Needs feedback to Closed
- Assignee changed from Vít Švanda to Radek Tomiška
- % Done changed from 90 to 100
Now works fine.
Thanks for fix this my bugs (it had to be hard to find the cause).
Also available in: Atom
PDF
