Task #775

closed

Missing Identifier in the attribute mapping for provisioning, error during roles request

Added by Alena Peterová over 6 years ago. Updated over 6 years ago.

Status: Closed
Priority: Normal
Assignee: Patrik Stloukal
Category: Attribute mapping
Target version:
Start date: 10/23/2017
Due date:
% Done: 100%
Estimated time:
Owner:

Description

Affects version: 7.5.0

When there is no attribute marked as "Identifier" in the attribute mapping for provisioning, I can't request the role which assigns this system. The role request results in an error which doesn't tell me anything:

 org.springframework.transaction.TransactionSystemException: Could not commit JPA transaction; nested exception is javax.persistence.RollbackException: Transaction marked as rollbackOnly

Only after I got to the catalina.out, I found out that

DefaultIdmRoleRequestService : UID attribute (mapped attribute marked as 'Is identifier') was not found for system LDAP. UID attribute is mandatory for provisioning/sync!

So please make it more user-friendly:
  • When configuring the provisioning mapping, warn me if Identifier is not there yet
  • When the role request is not successful, show the real cause in the log (this is already in progress in #480)
Actions #1

Updated by Alena Peterová over 6 years ago

Just note: I didn't mark any attribute as Identifier, but I expected that the identifier would be "__NAME__" by default.
Since it wasn't written in the admin guide (I added it) and I didn't have access to catalina.out, it took me quite some time to find out the problem.

Actions #2

Updated by Alena Peterová over 6 years ago

  • Description updated (diff)
Actions #3

Updated by Marcel Poul over 6 years ago

+ maybe do not allow adding a scheme that does not have an identifier to the role. At least pop up a warning...

Actions #4

Updated by Vít Švanda over 6 years ago

  • Assignee set to Patrik Stloukal
  • Target version set to Forsterite (7.6.0)
Actions #5

Updated by Patrik Stloukal over 6 years ago

introduction to the problem, study of the implementation of a similar solution

Actions #6

Updated by Patrik Stloukal over 6 years ago

modified service, controller, added new exception for validation attributes (backend)
working on mapping and service (frontend)

Actions #7

Updated by Patrik Stloukal over 6 years ago

  • Status changed from New to In Progress

almost completed frontend
todo: do not run validate() if isNew()
question mark - explaining the situation

Actions #8

Updated by Patrik Stloukal over 6 years ago

  • Status changed from In Progress to Needs feedback
  • Assignee changed from Patrik Stloukal to Vít Švanda
  • % Done changed from 0 to 90

added info message (question mark not added - there isn't localization)
fixed assertNotNull -> don't call method if component is new

please look at the functionality, I added additional info into new alert level info, so look if it's ok.
commit:
https://github.com/bcvsolutions/CzechIdMng/commit/55f4e200f0c34b37fa8655a8e45246aae5c166ca

Actions #9

Updated by Vít Švanda over 6 years ago

  • Status changed from Needs feedback to In Progress
  • Assignee changed from Vít Švanda to Patrik Stloukal
  • % Done changed from 90 to 70

I did review. Basically works, but I found some issues:

  • SysSystemMappingController - Method validate is not secured (@PreAuthorize("hasAuthority('" + AccGroupPermission.SYSTEM_READ + "')")).
  • Test (on BE) for SysSystemMappingService.validate missing.
  • Design:
    • Warning message move up (under main title).
    • Use span 12.
    • Merge the warning and info message to only one.
  • JavaDoc is "hard coded" for validate missing identifier only. We want the universal validation.
  • Method on FE: "showMissingIdentifier" is "hard coded" for validate missing identifier only. We want the universal validation.
  • Method "showMissingIdentifier" should be "private", use prefix "_".
  • Description and author is missing in "ValidationMessageSystemMapping".
  • Error code "SYSTEM_MAPPING_VALIDATION" is not translated. Look to the message history.
  • Show validation message dependent on the exception parameter not by exception name (ValidationMessageSystemMapping).
  • FE: check on empty response should be 204 not 200.
  • SysSystemMappingController - validate method should return an empty response (204).
  • Use "Basic.Col" instead of "<div col-col-lg-6".
  • Beware of code formatting:
    <div className="col-lg-6 no-border last">
    <ValidationMessageSystemMapping error={validationError} />
    </div>
    
Actions #10

Updated by Vít Švanda over 6 years ago

Theme for next useful validation: Sync mapping for contracts - must exist some mapped attribute with "entityAttribute=true" and "idmPropertyName=identity".

Actions #11

Updated by Patrik Stloukal over 6 years ago

start with test

Actions #12

Updated by Patrik Stloukal over 6 years ago

  • % Done changed from 70 to 80

resolving issues from feedback,
completed another validation (Sync mapping for contracts - must exist some mapped attribute with "entityAttribute=true" and "idmPropertyName=identity")

todo:
Error code "SYSTEM_MAPPING_VALIDATION" is not translated. Look to the message history.

Actions #13

Updated by Patrik Stloukal over 6 years ago

  • Status changed from In Progress to Needs feedback
  • Assignee changed from Patrik Stloukal to Vít Švanda
  • % Done changed from 80 to 90

issues from feedback resolved, error message localized, but idm looks into core localization
please look into that and my implemented validation.

commit:
https://github.com/bcvsolutions/CzechIdMng/commit/f5aa40cfcdb8fcee68892d573aa17d015e1487ee

Actions #14

Updated by Patrik Stloukal over 6 years ago

Actions #15

Updated by Vít Švanda over 6 years ago

  • Status changed from Needs feedback to In Progress
  • Assignee changed from Vít Švanda to Patrik Stloukal

Issues:

  • DefaultSysSystemMappingService.validate :
    • Validation for missing owner must work only for contract mapping, not for all!
    • "identity" string should be a constant.
    • Variable "isError" is implemented as noError ... it is confusing. This variable is not global for all validations but only for every validation.
    • ValidationMessageSystemMapping - should be more dynamic. It is not necessary have dependency for every validation keys.
    • Localization of validation messages can be split to info and message part.
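
The two mapping validations discussed in this ticket (missing identifier, and missing owner for contract synchronization only), as an added example in Java 16 or later that is not CzechIdM code. Every type, field and message key here is hypothetical, and the sample mappings are constructed.

```java
import java.util.ArrayList;
import java.util.List;

// Added example, not CzechIdM code: all type, field and key names are hypothetical.
public class MappingValidationExample {
    enum Operation { PROVISIONING, SYNCHRONIZATION }
    enum EntityType { IDENTITY, CONTRACT }

    // One mapped attribute; the fields mirror the properties named in the ticket.
    record Attribute(String name, boolean uid, boolean entityAttribute, String idmPropertyName) {}
    record Mapping(String system, Operation operation, EntityType entityType, List<Attribute> attributes) {}

    static final String CONTRACT_OWNER_PROPERTY = "identity"; // a constant, not an inline string

    // Returns one message key per failed rule; an empty list means the mapping is valid.
    static List<String> validate(Mapping mapping) {
        List<String> errors = new ArrayList<>();
        // Rule 1: every mapping needs an attribute marked as identifier (UID).
        boolean hasIdentifier = mapping.attributes().stream().anyMatch(Attribute::uid);
        if (!hasIdentifier) {
            errors.add("missingIdentifier");
        }
        // Rule 2: checked only for contract synchronization, never for other mappings.
        if (mapping.operation() == Operation.SYNCHRONIZATION && mapping.entityType() == EntityType.CONTRACT) {
            boolean hasOwner = mapping.attributes().stream().anyMatch(a ->
                    a.entityAttribute() && CONTRACT_OWNER_PROPERTY.equals(a.idmPropertyName()));
            if (!hasOwner) {
                errors.add("missingOwner");
            }
        }
        return errors;
    }

    public static void main(String[] args) {
        // Constructed sample data: an LDAP provisioning mapping with no identifier,
        // and a contract sync mapping that has an identifier but no owner attribute.
        Mapping ldap = new Mapping("LDAP", Operation.PROVISIONING, EntityType.IDENTITY,
                List.of(new Attribute("__NAME__", false, true, "username")));
        Mapping contracts = new Mapping("HR", Operation.SYNCHRONIZATION, EntityType.CONTRACT,
                List.of(new Attribute("id", true, false, null)));
        System.out.println(ldap.system() + " -> " + validate(ldap));
        System.out.println(contracts.system() + " -> " + validate(contracts));
    }
}
```

Each rule keeps its own local result and contributes its own key, so a caller can show every failed validation at once instead of a single generic transaction error.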
Actions #16

Updated by Patrik Stloukal over 6 years ago

frontend - resolving issues

Actions #17

Updated by Patrik Stloukal over 6 years ago

  • Status changed from In Progress to Needs feedback
  • Assignee changed from Patrik Stloukal to Vít Švanda

so I resolved issues from last time and I hope, you can write feedback, please.

commit:
https://github.com/bcvsolutions/CzechIdMng/commit/a5082b76a31a64cff3b68e90dd6bcd83e71ebe61

Actions #18

Updated by Vít Švanda over 6 years ago

  • Status changed from Needs feedback to Resolved
  • Assignee changed from Vít Švanda to Patrik Stloukal
  • % Done changed from 90 to 100

I tested it and did review. Works correctly.
I fixed minor issues and not working test "testSystemMappingValidationSynchronizationMissingOwner";

Actions #19

Updated by Vít Švanda over 6 years ago

  • Status changed from Resolved to Closed