Task #775
closed
Missing Identifier in the attribute mapping for provisioning, error during roles request
Added by Alena Peterová over 6 years ago.
Updated over 6 years ago.
Category:
Attribute mapping
Description
Affects version: 7.5.0
When there is no attribute marked as "Identifier" in the attributes mapping for provisioning, I can't request for the role which assigns this system. The role request results in the error, which doesn't tell me anything:
org.springframework.transaction.TransactionSystemException: Could not commit JPA transaction; nested exception is javax.persistence.RollbackException: Transaction marked as rollbackOnly
Only after I got to the catalina.out, I found out that
DefaultIdmRoleRequestService : UID attribute (mapped attribute marked as 'Is identifier') was not found for system LDAP. UID attribute is mandatory for provisioning/sync!
So please make it more user-friendly:
- When configuring the provisioning mapping, warn me if Identifier is not there yet
When the role request is not successful, show the real cause in the log this is already in progress in #480
Just note: I didn't mark any attribute as Identifier, but I expected that the identifier would be "__NAME__" by default.
Since it wasn't written in the admin guide (I added it) and I didn't have access to catalina.out, it took me quite some time to find out the problem.
- Description updated (diff)
+ maybe do not allow to add the scheme that does not have an identificator, to the role. At least pop up warning...
- Assignee set to Patrik Stloukal
- Target version set to Forsterite (7.6.0)
intoduction to problem, studium implementation of similar solution
modified service, controller, added new exception for validation attributes (backend)
working on mapping and service (frontend)
- Status changed from New to In Progress
almost completed frontend
todo: do not run validate() if isNew()
questionmark - explaining situation
- Status changed from In Progress to Needs feedback
- Assignee changed from Patrik Stloukal to Vít Švanda
- % Done changed from 0 to 90
- Status changed from Needs feedback to In Progress
- Assignee changed from Vít Švanda to Patrik Stloukal
- % Done changed from 90 to 70
I did review. Basically works, but I found some issues:
Theme for next useful validation: Sync mapping for contracts - must exist some mapped attribute with "entityAttribute=true" and "idmPropertyName=identity".
- % Done changed from 70 to 80
resolving isues from feedback,
completed another validation (Sync mapping for contracts - must exist some mapped attribute with "entityAttribute=true" and "idmPropertyName=identity")
todo:
Error code "SYSTEM_MAPPING_VALIDATION" is not translated. Look to the message history.
- Status changed from In Progress to Needs feedback
- Assignee changed from Patrik Stloukal to Vít Švanda
- % Done changed from 80 to 90
- Status changed from Needs feedback to In Progress
- Assignee changed from Vít Švanda to Patrik Stloukal
Issues:
- DefaultSysSystemMappingService.validate :
* Validation for missing owner must works only for contract mapping, not for all!
* "identity" string should be a constant.
* Variable "isError" is implemented as noError ... it is confusing. This variable is not global for all validations but only for every validation.
* ValidationMessageSystemMapping - should be more dynamic. It is not necessary have dependency for every validation keys.
* Localization of validation messages can be split to info and message part.
frontend - resolving issues
- Status changed from In Progress to Needs feedback
- Assignee changed from Patrik Stloukal to Vít Švanda
- Status changed from Needs feedback to Resolved
- Assignee changed from Vít Švanda to Patrik Stloukal
- % Done changed from 90 to 100
I tested it and did review. Works correctly.
I fixed minor issues and not working test "testSystemMappingValidationSynchronizationMissingOwner";
- Status changed from Resolved to Closed
Also available in: Atom
PDF
