COmanage Users List

[Niels van Dijk <>]

Ok,

I now have enable the ability to set urganisational data during the
enrollment. THis indeed now allowes me to select OrgID (official) and
OrgEmail (official)

So now my enrollment form look slike this:
ORG EMAIL       Email (Official, Organizational Identity)
ORG ID  Identifier (ePPN, Organizational Identity)
Org Name        Name (Official, Organizational Identity)
VO Name         Name (Official, CO Person)
Affiliation     Affiliation (CO Person Role)
Your group      COU (CO Person Role)

I have configured SHib to deliver the following attribute mappings (and
they work):
2014-04-03 13:15:16 INFO Shibboleth-TRANSACTION [7]:    CMP_EF_SN (1 values)
2014-04-03 13:15:16 INFO Shibboleth-TRANSACTION [7]:    CMP_EF_GIVENNAME
(1 values)
2014-04-03 13:15:16 INFO Shibboleth-TRANSACTION [7]:    CMP_EF_MAIL (1 values)
2014-04-03 13:15:16 INFO Shibboleth-TRANSACTION [7]:    shib-eppn (1 values)
2014-04-03 13:15:16 INFO Shibboleth-TRANSACTION [7]:    shib-persistent-id
(1 values)

And I have configured CM to use these as follows:
(see screenshot)

Its a bit unclear to me if I should make sure alle attributes are
actually being mapped, or if I can just ignore the ones I have no
mapping for.

When I now start a new enrollment, I get the right fields. However no
values are copied in from the saml attribute data. I see no errors in
the error log at this time.

I can then submit a form, so the not implemented error is gone, but this
now yields the following error:
"(Org Identity 7) has no known email address.
Add an email address and then try again."

Any suggestions?

thanks!
Niels


On 28-03-14 14:09, Benn Oshrin wrote:
> On 3/28/14 6:08 AM, Niels van Dijk wrote:
> 
>> Ok, I've added OrgId and Orgname as following:
>> Org Email    Email (Official, CO Person)
> 
> This should be "Email (Official, Org Identity)".
> 
> If you don't see the Org Identity versions in the popup, review these
> instructions:
> 
> https://spaces.internet2.edu/display/COmanage/Registry+Enrollment+Flow+Configuration#RegistryEnrollmentFlowConfiguration-CreatingOrganizationalIdentitiesAsPartofAnEnrollmentFlow
> 
> 
>> Org ID         Identifier (ePPN, CO Person)
> 
> You don't need this if authentication is required.
> 
>> Name         Name (Official, CO Person)
> 
> You also need "Name (Official, Org Identity)".
> 
>> Affiliation     Affiliation (CO Person Role)
>> Your group     COU (CO Person Role)
> 
>> From the sentence above ("pre-populated") I get the impression it is the
>> person who will be enrolled who fills in the enrolment form. That would
>> assume s/he received an invite from e.g. the CO admin, but as soon as I
>> create a enrolment, invites are no longer available. Or do I as a
>> petitioner fill in the form which is then triggering an invite to the
>> enrollee? If the latter is the case I would expect not to have to fill
>> in the org id and org email, as that will be done when the enrollee
>> logs in?
>>
>> In addition I do not see the attributes being pre-populated, so I assume
>> 'something' is wrong. I assume everything else means the mapping of the
>> incoming attributes from Shib to Comange, as is defined in
> 
> If you're trying to collect attributes via SAML, then you must be doing
> some variation of self signup with authentication. (Attributes are
> pre-populated based on the currently authenticated user.)
> 
> Since the new enrollee doesn't have the ability to login to the Registry
> yet, you need to provide the enrollee with the enrollment flow URL. As
> an administrator, select "Enroll" via the menu or the link on the CO
> Person index page and you will be presented with a list of available
> enrollment flows. Copy the URL for the appropriate "Begin" button, it
> will look something like this:
> 
>  https://myhost.com/registry/co_petitions/add/coef:12/co:2
> 
> That's the URL the enrollee needs to start the enrollment. This will
> generate the form, trigger authentication, and generate email
> click-to-confirm messages according to your configuration.
> 
>> Finally, if I pre-fill all values in my enrolment form manually (so also
>> ORg Id and ORg Email, I still get "not implemented".
> 
> See above.
> 
>> I not that at the same time in te error log I get:
>>
>> 2014-03-28 10:04:28 Error: [InvalidArgumentException] No CO Specified
>> Request URL:
>> /registry/co_people/match/co:3/coef:8/given:Me/family:and%20I?%2Fco_people%2Fmatch%2Fco%3A3%2Fcoef%3A8%2Fgiven%3AMe%2Ffamily%3Aand_I=
>>
>> Stack Trace:
>> #0
>> /var/www/data/comanage-registry-0.8.5/app/Controller/CoPeopleController.php(70):
>>
>> AppController->beforeFilter()
>> #1 [internal function]:
>> CoPeopleController->beforeFilter(Object(CakeEvent))
>> #2
>> /var/www/data/comanage-registry-0.8.5/lib/Cake/Event/CakeEventManager.php(247):
>>
>> call_user_func(Array, Object(CakeEvent))
>> #3
>> /var/www/data/comanage-registry-0.8.5/lib/Cake/Controller/Controller.php(674):
>>
>> CakeEventManager->dispatch(Object(CakeEvent))
>> #4
>> /var/www/data/comanage-registry-0.8.5/lib/Cake/Routing/Dispatcher.php(182):
>>
>> Controller->startupProcess()
>> #5
>> /var/www/data/comanage-registry-0.8.5/lib/Cake/Routing/Dispatcher.php(160):
>>
>> Dispatcher->_invoke(Object(CoPeopleController), Object(CakeRequest),
>> Object(CakeResponse))
>> #6 /var/www/data/comanage-registry-0.8.5/app/webroot/index.php(96):
>> Dispatcher->dispatch(Object(CakeRequest), Object(CakeResponse))
>> #7 {main}
>>
>> There is no way however to define the CO in the enrolment I think, other
>> then using the enrolment flow defiend for that CO?
> 
> I think this is a bug. I'll try to reproduce it. It shouldn't prevent
> the enrollment from completing, but it will prevent advisory matching
> from working. You could set matching to "None" to stop the error.
> 
> Thanks,
> 
> -Benn-
>

Attachment: Selection_073.jpg
Description: JPEG image