comanage-users - Re: [comanage-users] Env Source Plugin doesn't create coPerson on signup
Subject: COmanage Users List
List archive
- From: Michiel Uitdehaag <>
- To: <>
- Subject: Re: [comanage-users] Env Source Plugin doesn't create coPerson on signup
- Date: Fri, 1 Jun 2018 11:54:12 +0200
- Ironport-phdr: 9a23:hiyF9hMaUjbij+AD200l6mtUPXoX/o7sNwtQ0KIMzox0Ivr+rarrMEGX3/hxlliBBdydt6oZzbKO+4nbGkU4qa6bt34DdJEeHzQksu4x2zIaPcieFEfgJ+TrZSFpVO5LVVti4m3peRMNQJW2aFLduGC94iAPERvjKwV1Ov71GonPhMiryuy+4ZLebxlIiTanfb9+MAi9oBnMuMURnYZsMLs6xAHTontPdeRWxGdoKkyWkh3h+Mq+/4Nt/jpJtf45+MFOTav1f6IjTbxFFzsmKHw65NfqtRbYUwSC4GYXX3gMnRpJBwjF6wz6Xov0vyDnuOdxxDWWMMvrRr0yRD+s7bpkSAXwhSkaKTA5/mHZhM9+gq1Vrx2upQBwzYHPbYGJN/dzZL/Rcc8USGdDWMtaSixPApm7b4sKF+cPOudYoJX9p1sPsxS+ARSnC+3uyj9Um3D5w6063P47HgHJwQctGNcOsHXIo9X1NacdT+S1wLPVzTXCc/NZxCny6IjSfR87rvGBRqlwcdfLyUkhEQPKkEmQpZbjPzORz+kAtXWQ4eRnVeKqkWEnqgdxryCuxscqlonGmJgVylba+iVl3oo5P8O3R1NmYdK8H5tQtj2aN4trQsw5WW1npCE6yrgAtJWmfyYK0IwqywPQZvGHaYSE/gjvWPuLLTp3mn5pYLGyihmo/UWjyODwTNe43VlLoyZfjNXBsnYA3AHJ5MedUPty5EKh1C6P1w/N7uFEJlg5la3GK549zbM8iIMfvl7GHi/tgkn2iaGWel8/+ui18eTnbK/qppmCOI9okg3+M6IuldKjAekgLwQDUGiW9f6g2LH54EH1WrpHguMunqncqp/aJMAbpqCjAw9S14Yu8xO/Dza639QYnHkIMlZFdAiaj4joJ1HBPe73DfeljFu2nzdm3OvGPqD7ApXDKHjMjqvhcax7605Y0AYz18xQ54pICrEdJ/L+QlP+tNvdDhAjNQy72ennB8tk2oMDQmKAHLWZMLjJvF+M5+IvOPWMZJQLtDrnKvgl4eLugmEjmV8bY6apwYUbZGqmEft7PkXKKUbr14MKFmIDuAMxQan3k1CYShZSYWq/RaQx+mt9BY67W9TtXIeo1ZmA1ye6E5keW2FaBl2MGH7nP9GBWvwMaS+WZNJgjjAJVbGoRKc6yAugsgLmjbxjeLmHshYEvI7ugYAmr9bYkgs/oGR5
Hi Nick,
I think I ran into a similar issue while developing an EnvSource-type
OIS plugin.
AFAICS, the EnvSource plugin allows creating a linked OrgIdentity during
(directly after) 'petitioner authentication' and during (directly after)
'enrollee authentication'. The first mode ('authenticate') is meant for
self-signup, where petitioner==enrollee. The second mode ('identify')
would be for 'invite-flow' where petitioner != enrollee.
There is an issue with the enrollment flow where it will not work if you
specify mode 'identify' for 'self-signup' enrollment flows. I created a
pull request to fix this, allowing you to create an OrgIdentity after
the enrollee has authenticated (if the enrollment flow specifies that
ofcourse): https://github.com/Internet2/comanage-registry/pull/49
If you run into this issue, the enrollment flow stops at the
'confirmation' stage with an error. It could be that you are running
into a similar problem here.
In both cases, the OIS plugin only creates an OrgIdentity. There is no
code path to use this OrgIdentity as a basis for creating Enrollment
Flow attributes.
The enrollment flow attributes are used at a later stage to create the
COPerson object.
The only way to prefill enrollment flow attributes at the moment (again,
as far as I can see), is to specify the environment variables to be used
for that with the definition of the enrollment flow attributes. I am
currently struggling with this as well.
What I would like to see, is that the linked OrgIdentities from
authorative sources (like EnvSource) can be used as a basis for filling
the Enrollment Flow attributes, which is then used to create the
COPerson object. I am still trying to find out if this is possible, but
hidden in some plugin callout, but at this point, I think the
'petitionerAttributes' stage only calls
CoEnrollmentAttribute->mapEnvAttributes() and has no other code path to
map attributes to enrollment attributes. It could be that this is
fixable with an enrollment-plugin, but I am not quite there yet.
Regards,
Michiel Uitdehaag
SURFnet
On 01-06-18 09:23, Nick Evangelou wrote:
> Hello Benn,
>
> When I run the enrollment with CO Person/CO Person Role attributes, in the
> "Collect Petitioner Attributes" form the fields are not field with
> environment values (as it should be?).
>
> In "Organizational Identity Source Records” there is an “Attached
> Identity”, and I think I spotted the error. The name attributes are null.
>
> So, is there a way to create a CoPerson with the environment variables of
> an orgIdentity using the EnvSource Plugin?
>
> Thank you,
> Nick
>
>
>
>> On 1 Jun 2018, at 02:53, Benn Oshrin
>> <>
>> wrote:
>>
>> Hi Nick,
>>
>> After the enrollment, is there an Org Identity attached to the CO Person
>> record? If so, is the expected ePUID present in the Org Identity?
>>
>> Also, in the CO Petition record created from the enrollment, is there an
>> entry for "Organizational Identity Source Records" under "Attached
>> Identities"?
>>
>> Thanks,
>>
>> -Benn-
>>
>> On 5/30/18 10:04 AM, Nick Evangelou wrote:
>>> Hello everyone,
>>>
>>> I’m trying to create an enrollment flow to signup user. As known, in
>>> Registry 4.0.0 CMP enrollment attributes will be removed, so I’m using
>>> env Source to retrieve environment variables as described
>>> here:
>>> https://spaces.internet2.edu/display/COmanage/Consuming+External+Attributes+via+Web+Server+Environment+Variables#ConsumingExternalAttributesviaWebServerEnvironmentVariables-SelfSignup
>>>
>>> I execute all the steps as mentioned.
>>> In step 1d I set the following attributes:
>>>
>>> Identifier: eduPersonUniqueId
>>> Given Name (Official): givenName
>>> Family Name (Official): sn
>>> Identifier (ePUID): eduPersonUniqueId (marked as login)
>>> Email (Official): mail
>>> Affiliation: eduPersonPrimaryAffiliation
>>> Organisation: schacHomeOrganization
>>>
>>>
>>> In step 3 I create the following attributes:
>>>
>>> Name (Official, CO Person)
>>> Email (Official, CO Person)
>>> Affiliation (CO Person Role)
>>> Valid From (CO Person Role)
>>> Valid Through (CO Person Role)
>>>
>>>
>>> After running the enrollment flow a message pops up that to user isn’t
>>> associated with a coPerson and should contact the admin to resolve this.
>>> I have tried to turn of amp enrollment attributes and try again, but
>>> nothing changed.
>>>
>>> Could you provide me with more info or spot my mistake in this process?
>>>
>>> Regards,
>>> Nick
- Re: [comanage-users] Env Source Plugin doesn't create coPerson on signup, Nick Evangelou, 06/01/2018
- Re: [comanage-users] Env Source Plugin doesn't create coPerson on signup, Michiel Uitdehaag, 06/01/2018
Archive powered by MHonArc 2.6.19.