COmanage Users List

[Niels van Dijk <>]

On 28-03-14 14:09, Benn Oshrin wrote:
> On 3/28/14 6:08 AM, Niels van Dijk wrote:
> 
>> Ok, I've added OrgId and Orgname as following:
>> Org Email    Email (Official, CO Person)
> 
> This should be "Email (Official, Org Identity)".
> 
> If you don't see the Org Identity versions in the popup, review these
> instructions:
> 

I indeed do not see these in the selectbox

> https://spaces.internet2.edu/display/COmanage/Registry+Enrollment+Flow+Configuration#RegistryEnrollmentFlowConfiguration-CreatingOrganizationalIdentitiesAsPartofAnEnrollmentFlow

Mmm I am puzzled now: I assume you are referring to the section called
"Creating Organizational Identities As Part of An Enrollment Flow" which
I think states: "For COs that *will not* collect Organizational
Identities from authoritative sources (*ie: via LDAP or SAML*), ...".

As I am trying to collect Org IDs via SAML, this leads me to belief this
section is not relevant. Am I missing something here?
- I have ticked "Enable Environment Attribute Retrieval"
- I have configured Shib to deliver "CMP_EF_GIVENNAME","shib-eppn", and
"CMP_EF_MAIL" and accoring to Shib log these are correctly mapped and
delivered.



> 
> 
>> Org ID         Identifier (ePPN, CO Person)
> 
> You don't need this if authentication is required.
> 
>> Name         Name (Official, CO Person)
> 
> You also need "Name (Official, Org Identity)".
> 
>> Affiliation     Affiliation (CO Person Role)
>> Your group     COU (CO Person Role)
> 
>> From the sentence above ("pre-populated") I get the impression it is the
>> person who will be enrolled who fills in the enrolment form. That would
>> assume s/he received an invite from e.g. the CO admin, but as soon as I
>> create a enrolment, invites are no longer available. Or do I as a
>> petitioner fill in the form which is then triggering an invite to the
>> enrollee? If the latter is the case I would expect not to have to fill
>> in the org id and org email, as that will be done when the enrollee
>> logs in?
>>
>> In addition I do not see the attributes being pre-populated, so I assume
>> 'something' is wrong. I assume everything else means the mapping of the
>> incoming attributes from Shib to Comange, as is defined in
> 
> If you're trying to collect attributes via SAML, then you must be doing
> some variation of self signup with authentication. (Attributes are
> pre-populated based on the currently authenticated user.)
> 
> Since the new enrollee doesn't have the ability to login to the Registry
> yet, you need to provide the enrollee with the enrollment flow URL. As
> an administrator, select "Enroll" via the menu or the link on the CO
> Person index page and you will be presented with a list of available
> enrollment flows. Copy the URL for the appropriate "Begin" button, it
> will look something like this:
> 
>  https://myhost.com/registry/co_petitions/add/coef:12/co:2
> 
> That's the URL the enrollee needs to start the enrollment. This will
> generate the form, trigger authentication, and generate email
> click-to-confirm messages according to your configuration.
> 

Aha! I now understand my misinterpretation of the enrollment flow. I was
assuming Comanage would take care of sending out the invite as part of
the enrollment. Ok that is clear



>> Finally, if I pre-fill all values in my enrolment form manually (so also
>> ORg Id and ORg Email, I still get "not implemented".
> 
> See above.
> 
>> I not that at the same time in te error log I get:
>>
>> 2014-03-28 10:04:28 Error: [InvalidArgumentException] No CO Specified
>> Request URL:
>> /registry/co_people/match/co:3/coef:8/given:Me/family:and%20I?%2Fco_people%2Fmatch%2Fco%3A3%2Fcoef%3A8%2Fgiven%3AMe%2Ffamily%3Aand_I=
>>
>> Stack Trace:
>> #0
>> /var/www/data/comanage-registry-0.8.5/app/Controller/CoPeopleController.php(70):
>>
>> AppController->beforeFilter()
>> #1 [internal function]:
>> CoPeopleController->beforeFilter(Object(CakeEvent))
>> #2
>> /var/www/data/comanage-registry-0.8.5/lib/Cake/Event/CakeEventManager.php(247):
>>
>> call_user_func(Array, Object(CakeEvent))
>> #3
>> /var/www/data/comanage-registry-0.8.5/lib/Cake/Controller/Controller.php(674):
>>
>> CakeEventManager->dispatch(Object(CakeEvent))
>> #4
>> /var/www/data/comanage-registry-0.8.5/lib/Cake/Routing/Dispatcher.php(182):
>>
>> Controller->startupProcess()
>> #5
>> /var/www/data/comanage-registry-0.8.5/lib/Cake/Routing/Dispatcher.php(160):
>>
>> Dispatcher->_invoke(Object(CoPeopleController), Object(CakeRequest),
>> Object(CakeResponse))
>> #6 /var/www/data/comanage-registry-0.8.5/app/webroot/index.php(96):
>> Dispatcher->dispatch(Object(CakeRequest), Object(CakeResponse))
>> #7 {main}
>>
>> There is no way however to define the CO in the enrolment I think, other
>> then using the enrolment flow defiend for that CO?
> 
> I think this is a bug. I'll try to reproduce it. It shouldn't prevent
> the enrollment from completing, but it will prevent advisory matching
> from working. You could set matching to "None" to stop the error.
> 

Indeed I can confirm that when setting matching to none the error is gone.

Thanks,
Niels