Skip to Content.
Sympa Menu

comanage-users - Re: [comanage-users] Env Source Plugin doesn't create coPerson on signup

Subject: COmanage Users List

List archive

Re: [comanage-users] Env Source Plugin doesn't create coPerson on signup

Chronological Thread 
  • From: Michiel Uitdehaag <>
  • To: <>
  • Subject: Re: [comanage-users] Env Source Plugin doesn't create coPerson on signup
  • Date: Fri, 1 Jun 2018 11:54:12 +0200
  • Ironport-phdr: 9a23:hiyF9hMaUjbij+AD200l6mtUPXoX/o7sNwtQ0KIMzox0Ivr+rarrMEGX3/hxlliBBdydt6oZzbKO+4nbGkU4qa6bt34DdJEeHzQksu4x2zIaPcieFEfgJ+TrZSFpVO5LVVti4m3peRMNQJW2aFLduGC94iAPERvjKwV1Ov71GonPhMiryuy+4ZLebxlIiTanfb9+MAi9oBnMuMURnYZsMLs6xAHTontPdeRWxGdoKkyWkh3h+Mq+/4Nt/jpJtf45+MFOTav1f6IjTbxFFzsmKHw65NfqtRbYUwSC4GYXX3gMnRpJBwjF6wz6Xov0vyDnuOdxxDWWMMvrRr0yRD+s7bpkSAXwhSkaKTA5/mHZhM9+gq1Vrx2upQBwzYHPbYGJN/dzZL/Rcc8USGdDWMtaSixPApm7b4sKF+cPOudYoJX9p1sPsxS+ARSnC+3uyj9Um3D5w6063P47HgHJwQctGNcOsHXIo9X1NacdT+S1wLPVzTXCc/NZxCny6IjSfR87rvGBRqlwcdfLyUkhEQPKkEmQpZbjPzORz+kAtXWQ4eRnVeKqkWEnqgdxryCuxscqlonGmJgVylba+iVl3oo5P8O3R1NmYdK8H5tQtj2aN4trQsw5WW1npCE6yrgAtJWmfyYK0IwqywPQZvGHaYSE/gjvWPuLLTp3mn5pYLGyihmo/UWjyODwTNe43VlLoyZfjNXBsnYA3AHJ5MedUPty5EKh1C6P1w/N7uFEJlg5la3GK549zbM8iIMfvl7GHi/tgkn2iaGWel8/+ui18eTnbK/qppmCOI9okg3+M6IuldKjAekgLwQDUGiW9f6g2LH54EH1WrpHguMunqncqp/aJMAbpqCjAw9S14Yu8xO/Dza639QYnHkIMlZFdAiaj4joJ1HBPe73DfeljFu2nzdm3OvGPqD7ApXDKHjMjqvhcax7605Y0AYz18xQ54pICrEdJ/L+QlP+tNvdDhAjNQy72ennB8tk2oMDQmKAHLWZMLjJvF+M5+IvOPWMZJQLtDrnKvgl4eLugmEjmV8bY6apwYUbZGqmEft7PkXKKUbr14MKFmIDuAMxQan3k1CYShZSYWq/RaQx+mt9BY67W9TtXIeo1ZmA1ye6E5keW2FaBl2MGH7nP9GBWvwMaS+WZNJgjjAJVbGoRKc6yAugsgLmjbxjeLmHshYEvI7ugYAmr9bYkgs/oGR5

Hi Nick,

I think I ran into a similar issue while developing an EnvSource-type
OIS plugin.

AFAICS, the EnvSource plugin allows creating a linked OrgIdentity during
(directly after) 'petitioner authentication' and during (directly after)
'enrollee authentication'. The first mode ('authenticate') is meant for
self-signup, where petitioner==enrollee. The second mode ('identify')
would be for 'invite-flow' where petitioner != enrollee.

There is an issue with the enrollment flow where it will not work if you
specify mode 'identify' for 'self-signup' enrollment flows. I created a
pull request to fix this, allowing you to create an OrgIdentity after
the enrollee has authenticated (if the enrollment flow specifies that
If you run into this issue, the enrollment flow stops at the
'confirmation' stage with an error. It could be that you are running
into a similar problem here.

In both cases, the OIS plugin only creates an OrgIdentity. There is no
code path to use this OrgIdentity as a basis for creating Enrollment
Flow attributes.
The enrollment flow attributes are used at a later stage to create the
COPerson object.

The only way to prefill enrollment flow attributes at the moment (again,
as far as I can see), is to specify the environment variables to be used
for that with the definition of the enrollment flow attributes. I am
currently struggling with this as well.

What I would like to see, is that the linked OrgIdentities from
authorative sources (like EnvSource) can be used as a basis for filling
the Enrollment Flow attributes, which is then used to create the
COPerson object. I am still trying to find out if this is possible, but
hidden in some plugin callout, but at this point, I think the
'petitionerAttributes' stage only calls
CoEnrollmentAttribute->mapEnvAttributes() and has no other code path to
map attributes to enrollment attributes. It could be that this is
fixable with an enrollment-plugin, but I am not quite there yet.


Michiel Uitdehaag

On 01-06-18 09:23, Nick Evangelou wrote:
> Hello Benn,
> When I run the enrollment with CO Person/CO Person Role attributes, in the
> "Collect Petitioner Attributes" form the fields are not field with
> environment values (as it should be?).
> In "Organizational Identity Source Records” there is an “Attached
> Identity”, and I think I spotted the error. The name attributes are null.
> So, is there a way to create a CoPerson with the environment variables of
> an orgIdentity using the EnvSource Plugin?
> Thank you,
> Nick
>> On 1 Jun 2018, at 02:53, Benn Oshrin
>> <>
>> wrote:
>> Hi Nick,
>> After the enrollment, is there an Org Identity attached to the CO Person
>> record? If so, is the expected ePUID present in the Org Identity?
>> Also, in the CO Petition record created from the enrollment, is there an
>> entry for "Organizational Identity Source Records" under "Attached
>> Identities"?
>> Thanks,
>> -Benn-
>> On 5/30/18 10:04 AM, Nick Evangelou wrote:
>>> Hello everyone,
>>> I’m trying to create an enrollment flow to signup user. As known, in
>>> Registry 4.0.0 CMP enrollment attributes will be removed, so I’m using
>>> env Source to retrieve environment variables as described
>>> here:
>>> I execute all the steps as mentioned.
>>> In step 1d I set the following attributes:
>>> Identifier: eduPersonUniqueId
>>> Given Name (Official): givenName
>>> Family Name (Official): sn
>>> Identifier (ePUID): eduPersonUniqueId (marked as login)
>>> Email (Official): mail
>>> Affiliation: eduPersonPrimaryAffiliation
>>> Organisation: schacHomeOrganization
>>> In step 3 I create the following attributes:
>>> Name (Official, CO Person)
>>> Email (Official, CO Person)
>>> Affiliation (CO Person Role)
>>> Valid From (CO Person Role)
>>> Valid Through (CO Person Role)
>>> After running the enrollment flow a message pops up that to user isn’t
>>> associated with a coPerson and should contact the admin to resolve this.
>>> I have tried to turn of amp enrollment attributes and try again, but
>>> nothing changed.
>>> Could you provide me with more info or spot my mistake in this process?
>>> Regards,
>>> Nick

Archive powered by MHonArc 2.6.19.

Top of Page