Skip to Content.
Sympa Menu

comanage-users - Re: [comanage-users] Enrolling no implemented?

Subject: COmanage Users List

List archive

Re: [comanage-users] Enrolling no implemented?

Chronological Thread 
  • From: Benn Oshrin <>
  • To: Niels van Dijk <>
  • Cc:
  • Subject: Re: [comanage-users] Enrolling no implemented?
  • Date: Sat, 26 Apr 2014 18:28:11 -0400

I've just pushed a commit to develop that should fix this.

Relatedly, most of your attributes were optional. (This triggered the bug.) While you can do that, you might not want to. eg: Someone can submit a petition without specifying their name, which doesn't seem right.

Also, your enrollment requests ePPN, but also requires authentication. When you require authentication, COmanage will automatically store the authenticated identifier as an ePPN attached to the org identity (after the user clicks the link in email and authenticates). See



On 4/3/14 9:39 AM, Niels van Dijk wrote:

I now have enable the ability to set urganisational data during the
enrollment. THis indeed now allowes me to select OrgID (official) and
OrgEmail (official)

So now my enrollment form look slike this:
ORG EMAIL Email (Official, Organizational Identity)
ORG ID Identifier (ePPN, Organizational Identity)
Org Name Name (Official, Organizational Identity)
VO Name Name (Official, CO Person)
Affiliation Affiliation (CO Person Role)
Your group COU (CO Person Role)

I have configured SHib to deliver the following attribute mappings (and
they work):
2014-04-03 13:15:16 INFO Shibboleth-TRANSACTION [7]: CMP_EF_SN (1 values)
2014-04-03 13:15:16 INFO Shibboleth-TRANSACTION [7]: CMP_EF_GIVENNAME
(1 values)
2014-04-03 13:15:16 INFO Shibboleth-TRANSACTION [7]: CMP_EF_MAIL (1 values)
2014-04-03 13:15:16 INFO Shibboleth-TRANSACTION [7]: shib-eppn (1 values)
2014-04-03 13:15:16 INFO Shibboleth-TRANSACTION [7]: shib-persistent-id
(1 values)

And I have configured CM to use these as follows:
(see screenshot)

Its a bit unclear to me if I should make sure alle attributes are
actually being mapped, or if I can just ignore the ones I have no
mapping for.

When I now start a new enrollment, I get the right fields. However no
values are copied in from the saml attribute data. I see no errors in
the error log at this time.

I can then submit a form, so the not implemented error is gone, but this
now yields the following error:
"(Org Identity 7) has no known email address.
Add an email address and then try again."

Any suggestions?


On 28-03-14 14:09, Benn Oshrin wrote:
On 3/28/14 6:08 AM, Niels van Dijk wrote:

Ok, I've added OrgId and Orgname as following:
Org Email Email (Official, CO Person)

This should be "Email (Official, Org Identity)".

If you don't see the Org Identity versions in the popup, review these

Org ID Identifier (ePPN, CO Person)

You don't need this if authentication is required.

Name Name (Official, CO Person)

You also need "Name (Official, Org Identity)".

Affiliation Affiliation (CO Person Role)
Your group COU (CO Person Role)

From the sentence above ("pre-populated") I get the impression it is the
person who will be enrolled who fills in the enrolment form. That would
assume s/he received an invite from e.g. the CO admin, but as soon as I
create a enrolment, invites are no longer available. Or do I as a
petitioner fill in the form which is then triggering an invite to the
enrollee? If the latter is the case I would expect not to have to fill
in the org id and org email, as that will be done when the enrollee
logs in?

In addition I do not see the attributes being pre-populated, so I assume
'something' is wrong. I assume everything else means the mapping of the
incoming attributes from Shib to Comange, as is defined in

If you're trying to collect attributes via SAML, then you must be doing
some variation of self signup with authentication. (Attributes are
pre-populated based on the currently authenticated user.)

Since the new enrollee doesn't have the ability to login to the Registry
yet, you need to provide the enrollee with the enrollment flow URL. As
an administrator, select "Enroll" via the menu or the link on the CO
Person index page and you will be presented with a list of available
enrollment flows. Copy the URL for the appropriate "Begin" button, it
will look something like this:

That's the URL the enrollee needs to start the enrollment. This will
generate the form, trigger authentication, and generate email
click-to-confirm messages according to your configuration.

Finally, if I pre-fill all values in my enrolment form manually (so also
ORg Id and ORg Email, I still get "not implemented".

See above.

I not that at the same time in te error log I get:

2014-03-28 10:04:28 Error: [InvalidArgumentException] No CO Specified
Request URL:

Stack Trace:

#1 [internal function]:

call_user_func(Array, Object(CakeEvent))



Dispatcher->_invoke(Object(CoPeopleController), Object(CakeRequest),
#6 /var/www/data/comanage-registry-0.8.5/app/webroot/index.php(96):
Dispatcher->dispatch(Object(CakeRequest), Object(CakeResponse))
#7 {main}

There is no way however to define the CO in the enrolment I think, other
then using the enrolment flow defiend for that CO?

I think this is a bug. I'll try to reproduce it. It shouldn't prevent
the enrollment from completing, but it will prevent advisory matching
from working. You could set matching to "None" to stop the error.



Archive powered by MHonArc 2.6.16.

Top of Page