{ "id": "dcf79a45-b399-4ada-bfd4-bd797d3259b1", "titles": [ { "type": { "id": "f40562c9-684e-42da-96ae-44316fed2aa3" }, "value": "Math 101" }, {
ttaching to sentrifugo_data, complex2_targets_1, complex2_sources_1, complex2_midpoint_data_1, wordpress_data, complex2_directory_1, complex2_mq_1, complex2_grouper_data_1, sentrifugo_server, complex2_midpoint_server_1, wordpress_server, complex2_idp_1, complex2_grouper_daemon_1, complex2_grouper_ws_1, complex2_grouper_ui_1 | |
targets_1 | + log=/tmp/start.log | |
targets_1 | + echo 'Starting Container: ' | |
targets_1 | + date | |
targets_1 | + echo '' | |
targets_1 | + '[' -e /tmp/firsttimerunning ']' | |
targets_1 | + set -e | |
targets_1 | + echo 'Checking args' | |
targets_1 | + '[' '' = - ']' | |
targets_1 | + echo 'Setting DataDir: /var/lib/mysql' |
-
Do we have a small, illustrative sample of delegation use cases?
-
Assigning roles is much more straightforward than delegating a subset of one’s own permissions. Use direct assignment whenever possible
.
-
delegate (verb): If specified conditions exist, then assign a subset of the delegator’s permissions to another user
-
parameters to the delegation function:
-
make it easier for I2 developers and contractors to spin up tailor-made UIs for specific use cases
-
make it easier for technical staff at adopting campuses to easily generate UIs to meet local needs
Before starting the demo with docker-compose up, edit IdP and SP metadata (5 files) to change endpoints from localhost to actual host’s domain name. Otherwise you will be unable to log into the embedded Grouper instance.
cd opt/midPoint_container/demo/name/configs-and-secrets/grouper/shibboleth
vi idp-metadata.xml
:%s/localhost/host.domain.name/g
package org.aktis; | |
import java.util.HashMap; | |
import java.util.Map; | |
import com.fasterxml.jackson.annotation.JsonAnyGetter; | |
import com.fasterxml.jackson.annotation.JsonAnySetter; | |
import com.fasterxml.jackson.annotation.JsonIgnore; | |
import com.fasterxml.jackson.annotation.JsonInclude; | |
import com.fasterxml.jackson.annotation.JsonProperty; | |
import com.fasterxml.jackson.annotation.JsonPropertyOrder; |
2019-05-16 21:09 2nd attempt to work with fedmgr api
curl -X GET "https://fmdev....internet2.edu/siteadmin/api/organizations/roles" \
-H "accept: application/json" \
-H "X-API-Key: 03...638" \
> fmRoles.json
2019-04-15 Provisioning and De-provisioning Technologies: Connectors, Transport Protocols, Apis and Event-Driven Messages
Provisioning engines push and/or pull information from connected systems. Today the most commonly encountered use is for provisioning user and account information but additional uses are emerging over time.
The actual connections between provisioning engine and provisioned system takes many forms. Shared access flat files, most commonly csv files, are the lowest common denominator for information exchange between systems. One step up would be database views provided by the provisioner to which the provisioned systems have read access. Another widely found approach is for an LDAP directory to be the primary provisioned system, and other systems needing user information get it via LDAP queries.
More recent approaches have embraced APIs and event-message passing between provisioning sources and recipients. All too frequently, the recipient and source systems co
[ | |
{ "id" : "urn:ietf:params:scim:schemas:core:2.0:User", | |
"name" : "User", | |
"description" : "User Account", | |
"attributes" : [ | |
{ | |
"name" : "userName", | |
"type" : "string", | |
"multiValued" : false, |