COmanage Users List

[Michiel Uitdehaag <>]

Hi Nick,

I think I ran into a similar issue while developing an EnvSource-type
OIS plugin.

AFAICS, the EnvSource plugin allows creating a linked OrgIdentity during
(directly after) 'petitioner authentication' and during (directly after)
'enrollee authentication'. The first mode ('authenticate') is meant for
self-signup, where petitioner==enrollee. The second mode ('identify')
would be for 'invite-flow' where petitioner != enrollee.

There is an issue with the enrollment flow where it will not work if you
specify mode 'identify' for 'self-signup' enrollment flows. I created a
pull request to fix this, allowing you to create an OrgIdentity after
the enrollee has authenticated (if the enrollment flow specifies that
ofcourse): https://github.com/Internet2/comanage-registry/pull/49
If you run into this issue, the enrollment flow stops at the
'confirmation' stage with an error. It could be that you are running
into a similar problem here.

In both cases, the OIS plugin only creates an OrgIdentity. There is no
code path to use this OrgIdentity as a basis for creating Enrollment
Flow attributes.
The enrollment flow attributes are used at a later stage to create the
COPerson object.

The only way to prefill enrollment flow attributes at the moment (again,
as far as I can see), is to specify the environment variables to be used
for that with the definition of the enrollment flow attributes. I am
currently struggling with this as well.

What I would like to see, is that the linked OrgIdentities from
authorative sources (like EnvSource) can be used as a basis for filling
the Enrollment Flow attributes, which is then used to create the
COPerson object. I am still trying to find out if this is possible, but
hidden in some plugin callout, but at this point, I think the
'petitionerAttributes' stage only calls
CoEnrollmentAttribute->mapEnvAttributes() and has no other code path to
map attributes to enrollment attributes. It could be that this is
fixable with an enrollment-plugin, but I am not quite there yet.

Regards,

Michiel Uitdehaag
SURFnet





On 01-06-18 09:23, Nick Evangelou wrote:
> Hello Benn,
>
> When I run the enrollment with CO Person/CO Person Role attributes, in the 
> "Collect Petitioner Attributes" form the fields are not field with 
> environment values (as it should be?).
>
> In "Organizational Identity Source Records” there is an “Attached 
> Identity”, and I think I spotted the error. The name attributes are null.
>
> So, is there a way to create a CoPerson with the environment variables of 
> an orgIdentity using the EnvSource Plugin?
>
> Thank you,
> Nick
>
>
>
>> On 1 Jun 2018, at 02:53, Benn Oshrin 
>> <>
>>  wrote:
>>
>> Hi Nick,
>>
>> After the enrollment, is there an Org Identity attached to the CO Person
>> record? If so, is the expected ePUID present in the Org Identity?
>>
>> Also, in the CO Petition record created from the enrollment, is there an
>> entry for "Organizational Identity Source Records" under "Attached
>> Identities"?
>>
>> Thanks,
>>
>> -Benn-
>>
>> On 5/30/18 10:04 AM, Nick Evangelou wrote:
>>> Hello everyone,
>>>
>>> I’m trying to create an enrollment flow to signup user. As known, in
>>> Registry 4.0.0 CMP enrollment attributes will be removed, so I’m using
>>> env Source to retrieve environment variables as described
>>> here: 
>>> https://spaces.internet2.edu/display/COmanage/Consuming+External+Attributes+via+Web+Server+Environment+Variables#ConsumingExternalAttributesviaWebServerEnvironmentVariables-SelfSignup
>>>
>>> I execute all the steps as mentioned. 
>>> In step 1d I set the following attributes:
>>>
>>>    Identifier: eduPersonUniqueId
>>>    Given Name (Official): givenName
>>>    Family Name (Official): sn
>>>    Identifier (ePUID): eduPersonUniqueId (marked as login)
>>>    Email (Official): mail
>>>    Affiliation: eduPersonPrimaryAffiliation
>>>    Organisation: schacHomeOrganization
>>>
>>>
>>> In step 3 I create the following attributes:
>>>
>>>    Name (Official, CO Person)
>>>    Email (Official, CO Person)
>>>    Affiliation (CO Person Role)
>>>    Valid From (CO Person Role)
>>>    Valid Through (CO Person Role)
>>>
>>>
>>> After running the enrollment flow a message pops up that to user isn’t
>>> associated with a coPerson and should contact the admin to resolve this.
>>> I have tried to turn of amp enrollment attributes and try again, but
>>> nothing changed.
>>>
>>> Could you provide me with more info or spot my mistake in this process?
>>>
>>> Regards,
>>> Nick