Keith Hazelton khazelton

@khazelton
khazelton / ethos.adoc
Created November 19, 2019 18:07
Banner Data Model / Partial

{ "id": "dcf79a45-b399-4ada-bfd4-bd797d3259b1", "titles": [ { "type": { "id": "f40562c9-684e-42da-96ae-44316fed2aa3" }, "value": "Math 101" }, {

ttaching to sentrifugo_data, complex2_targets_1, complex2_sources_1, complex2_midpoint_data_1, wordpress_data, complex2_directory_1, complex2_mq_1, complex2_grouper_data_1, sentrifugo_server, complex2_midpoint_server_1, wordpress_server, complex2_idp_1, complex2_grouper_daemon_1, complex2_grouper_ws_1, complex2_grouper_ui_1
targets_1 | + log=/tmp/start.log
targets_1 | + echo 'Starting Container: '
targets_1 | + date
targets_1 | + echo ''
targets_1 | + '[' -e /tmp/firsttimerunning ']'
targets_1 | + set -e
targets_1 | + echo 'Checking args'
targets_1 | + '[' '' = - ']'
targets_1 | + echo 'Setting DataDir: /var/lib/mysql'
  • Do we have a small, illustrative sample of delegation use cases?

  • Assigning roles is much more straightforward than delegating a subset of one’s own permissions. Use direct assignment whenever possible.


  • delegate (verb): If specified conditions exist, then assign a subset of the delegator’s permissions to another user

  • parameters to the delegation function:
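
The notes above define delegate (verb) as a conditional assignment of a subset of the delegator's own permissions. The following is an added example, not code from the gist, showing the checks a delegation function needs so that it cannot become a privilege-escalation path: the requested set must be a subset of what the delegator holds directly, the condition must hold, delegated rights never chain onward, and a delegation is trimmed when the delegator loses the underlying permission. The user names, permission names, the department table and the "direct holdings only" policy are assumptions for the illustration.

```python
from dataclasses import dataclass
from typing import Callable, Dict, FrozenSet, Iterable, List

# condition(delegator, delegatee, permissions) -> bool, e.g. "same department".
Condition = Callable[[str, str, FrozenSet[str]], bool]


@dataclass(frozen=True)
class Delegation:
    delegator: str
    delegatee: str
    permissions: FrozenSet[str]


class DelegationError(ValueError):
    """A delegation request that violates the rules in PermissionStore.delegate."""


class PermissionStore:
    def __init__(self, direct: Dict[str, Iterable[str]]):
        # Direct (role-derived) assignments keyed by user; the caller supplies
        # constructed sample data, nothing is read from a real system.
        self.direct: Dict[str, FrozenSet[str]] = {u: frozenset(p) for u, p in direct.items()}
        self.delegations: List[Delegation] = []

    def effective(self, user: str) -> FrozenSet[str]:
        """Direct permissions plus everything currently delegated to the user."""
        perms = set(self.direct.get(user, frozenset()))
        for d in self.delegations:
            if d.delegatee == user:
                perms |= d.permissions
        return frozenset(perms)

    def delegate(self, delegator: str, delegatee: str,
                 requested: Iterable[str], condition: Condition) -> Delegation:
        """delegate (verb): if `condition` holds, assign a subset of the
        delegator's own permissions to `delegatee`; anything else is refused."""
        wanted = frozenset(requested)
        if delegator == delegatee:
            raise DelegationError("cannot delegate to oneself")
        if not wanted:
            raise DelegationError("empty permission set")
        # Only directly held permissions are delegable, so delegated permissions
        # never chain onward (an assumed policy choice, not from the notes).
        excess = wanted - self.direct.get(delegator, frozenset())
        if excess:
            raise DelegationError(f"{delegator} does not hold {sorted(excess)}")
        if not condition(delegator, delegatee, wanted):
            raise DelegationError("delegation condition not satisfied")
        d = Delegation(delegator, delegatee, wanted)
        self.delegations.append(d)
        return d

    def revoke_direct(self, user: str, permission: str) -> int:
        """Drop a direct permission and shrink or remove every delegation that
        depended on it; returns how many delegations were affected."""
        self.direct[user] = self.direct.get(user, frozenset()) - {permission}
        affected, kept = 0, []
        for d in self.delegations:
            if d.delegator == user and permission in d.permissions:
                affected += 1
                if d.permissions - {permission}:
                    kept.append(Delegation(d.delegator, d.delegatee, d.permissions - {permission}))
            else:
                kept.append(d)
        self.delegations = kept
        return affected


# Constructed sample users and departments (hypothetical).
DEPARTMENT = {"alice": "math", "bob": "math", "carol": "physics"}


def same_department(delegator: str, delegatee: str, _perms: FrozenSet[str]) -> bool:
    return DEPARTMENT.get(delegator) == DEPARTMENT.get(delegatee)


def demo() -> dict:
    store = PermissionStore({"alice": {"course:read", "course:grade", "roster:edit"},
                             "bob": {"course:read"}})
    store.delegate("alice", "bob", {"course:grade"}, same_department)
    out = {"bob_after_delegate": store.effective("bob")}
    for label, perms in (("not_held", {"roster:edit"}), ("no_chain", {"course:grade"})):
        try:  # bob holds neither directly: one he never had, one only delegated to him
            store.delegate("bob", "carol", perms, lambda *_: True)
        except DelegationError as e:
            out[label] = str(e)
    out["affected"] = store.revoke_direct("alice", "course:grade")
    out["bob_after_revoke"] = store.effective("bob")
    return out


if __name__ == "__main__":
    for k, v in demo().items():
        print(k, sorted(v) if isinstance(v, frozenset) else v)
```

The subset check is evaluated against the delegator's direct holdings at the moment of delegation; revoke_direct shows why that is not enough on its own: once the delegator loses a permission, every delegation built on it has to be re-evaluated, otherwise the delegatee keeps a right the delegator no longer has.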

API Discussion Starter

goals:

  • make it easier for I2 developers and contractors to spin up tailor-made UIs for specific use cases

  • make it easier for technical staff at adopting campuses to easily generate UIs to meet local needs

design lifecycle:

  • Take user-experience as point of reference

  • Take task-specific use cases as project drivers

@khazelton
khazelton / metadataFix.adoc
Created June 20, 2019 17:56
Essential prep for running midPoint demos from Internet2 repositories

Running midPoint demo packages

Before starting the demo with docker-compose up, edit the IdP and SP metadata (5 files) to change the endpoints from localhost to the actual host’s domain name. Otherwise you will be unable to log into the embedded Grouper instance.

cd opt/midPoint_container/demo/name/configs-and-secrets/grouper/shibboleth

vi idp-metadata.xml
:%s/localhost/host.domain.name/g
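
The global substitution above is easy to get wrong across five files (a typo leaves one endpoint on localhost, or a stray edit breaks the XML). The following is an added example, not part of the gist or the Internet2 demo, that performs the same localhost-to-host rewrite programmatically and then checks the result: the file still parses as XML, no attribute still mentions localhost, every endpoint Location resolves to the new host, and a .orig backup is kept. The sample metadata, the host name idp.example.edu and the backup naming are assumptions; only idp-metadata.xml is named in the notes, so the file list is passed in.

```python
import shutil
import tempfile
import xml.etree.ElementTree as ET
from pathlib import Path
from typing import Dict, Iterable, Tuple
from urllib.parse import urlparse


def rewrite_text(xml_text: str, host: str) -> Tuple[str, int]:
    """Replace every 'localhost' with `host`, then prove the result is still
    well-formed XML and that no attribute still points at localhost."""
    if not host or host == "localhost":
        raise ValueError("give the real host name, not localhost")
    count = xml_text.count("localhost")
    new_text = xml_text.replace("localhost", host)
    root = ET.fromstring(new_text)  # ParseError here means the edit broke the file
    leftovers = [f"{el.tag}@{k}" for el in root.iter()
                 for k, v in el.attrib.items() if "localhost" in v]
    if leftovers:
        raise ValueError(f"localhost still present in {leftovers}")
    return new_text, count


def endpoint_hosts(xml_text: str) -> set:
    """Host names used by every endpoint Location in the metadata."""
    root = ET.fromstring(xml_text)
    return {urlparse(el.get("Location")).hostname
            for el in root.iter() if el.get("Location")}


def fix_files(paths: Iterable[Path], host: str) -> Dict[str, int]:
    """Rewrite each metadata file in place, keeping a .orig copy, and return
    the number of replacements per file."""
    done: Dict[str, int] = {}
    for path in map(Path, paths):
        new_text, count = rewrite_text(path.read_text(encoding="utf-8"), host)
        shutil.copy2(path, Path(str(path) + ".orig"))
        path.write_text(new_text, encoding="utf-8")
        done[str(path)] = count
    return done


# Constructed stand-in for the demo's idp-metadata.xml (two SSO endpoints).
SAMPLE_IDP_METADATA = """<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="https://localhost/idp/shibboleth">
  <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="https://localhost/idp/profile/SAML2/Redirect/SSO"/>
    <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://localhost/idp/profile/SAML2/POST/SSO"/>
  </IDPSSODescriptor>
</EntityDescriptor>
"""


def demo(host: str = "idp.example.edu") -> dict:
    """Run the fix against the sample in a scratch directory and report the checks."""
    workdir = Path(tempfile.mkdtemp())
    target = workdir / "idp-metadata.xml"
    target.write_text(SAMPLE_IDP_METADATA, encoding="utf-8")
    replaced = fix_files([target], host)
    after = target.read_text(encoding="utf-8")
    return {
        "replaced": replaced[str(target)],
        "hosts_after": endpoint_hosts(after),
        "backup_kept": Path(str(target) + ".orig").exists(),
        "localhost_left": "localhost" in after,
    }


if __name__ == "__main__":
    print(demo())
```

Note that a blanket substitution also rewrites an entityID that contains localhost (as in the sample). That is fine as long as the resulting entityID is the one the other side expects: the IdP's entityID in the SP's copy of the metadata and in the IdP's own configuration must agree, or the assertion will be rejected.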
package org.aktis;
import java.util.HashMap;
import java.util.Map;
import com.fasterxml.jackson.annotation.JsonAnyGetter;
import com.fasterxml.jackson.annotation.JsonAnySetter;
import com.fasterxml.jackson.annotation.JsonIgnore;
import com.fasterxml.jackson.annotation.JsonInclude;
import com.fasterxml.jackson.annotation.JsonProperty;
import com.fasterxml.jackson.annotation.JsonPropertyOrder;

2019-05-16 21:09 2nd attempt to work with fedmgr api

curl -X GET "https://fmdev....internet2.edu/siteadmin/api/organizations/roles" \
 -H "accept: application/json" \
 -H "X-API-Key: 03...638" \
 > fmRoles.json

provConnect.adoc


2019-04-15 Provisioning and De-provisioning Technologies: Connectors, Transport Protocols, APIs and Event-Driven Messages

Provisioning engines push and/or pull information from connected systems. Today the most commonly encountered use is provisioning user and account information, but additional uses are emerging over time.

The actual connections between a provisioning engine and a provisioned system take many forms. Shared-access flat files, most commonly CSV files, are the lowest common denominator for information exchange between systems. One step up would be database views provided by the provisioner to which the provisioned systems have read access. Another widely found approach is for an LDAP directory to be the primary provisioned system, with other systems needing user information getting it via LDAP queries.

More recent approaches have embraced APIs and event-message passing between provisioning sources and recipients. All too frequently, the recipient and source systems co
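
The passage above lists flat CSV files as the lowest common denominator. The following is an added example, not from the gist, showing the part of flat-file provisioning that matters most for de-provisioning: diffing two exports of the same feed into create, update and delete operations, rejecting duplicate identifiers, and refusing a feed that would delete a large share of the population (a truncated or empty export must not deprovision everyone). The column names, sample rows and the threshold value are constructed for the illustration.

```python
import csv
import io
from typing import Dict, List, Tuple

Row = Dict[str, str]

# Constructed sample exports: yesterday's and today's snapshot of the same feed.
PREVIOUS_EXPORT = """uid,mail,affiliation
alice,alice@example.edu,faculty
bob,bob@example.edu,staff
carol,carol@example.edu,student
"""
CURRENT_EXPORT = """uid,mail,affiliation
alice,alice@example.edu,faculty
bob,bob@example.edu,faculty
dave,dave@example.edu,student
"""


def load_export(text: str, key: str = "uid") -> Dict[str, Row]:
    """Parse a CSV export keyed by the identifier column. Duplicate keys are an
    error because two rows for one identity make the delta ambiguous."""
    rows: Dict[str, Row] = {}
    for row in csv.DictReader(io.StringIO(text)):
        ident = (row.get(key) or "").strip()
        if not ident:
            raise ValueError(f"row without {key}: {row}")
        if ident in rows:
            raise ValueError(f"duplicate {key} {ident!r} in export")
        rows[ident] = row
    return rows


def plan_changes(previous: Dict[str, Row], current: Dict[str, Row],
                 max_delete_fraction: float = 0.2) -> Dict[str, list]:
    """Diff two snapshots into create/update/delete operations. A current export
    that would delete more than `max_delete_fraction` of the previous population
    is refused so that a broken feed cannot mass-deprovision."""
    creates = sorted(set(current) - set(previous))
    deletes = sorted(set(previous) - set(current))
    updates: List[Tuple[str, Dict[str, Tuple[str, str]]]] = []
    for ident in sorted(set(previous) & set(current)):
        diff = {col: (previous[ident].get(col), current[ident][col])
                for col in current[ident] if previous[ident].get(col) != current[ident][col]}
        if diff:
            updates.append((ident, diff))
    if previous and len(deletes) / len(previous) > max_delete_fraction:
        raise RuntimeError(f"refusing to delete {len(deletes)} of {len(previous)} "
                           f"identities; check the export before proceeding")
    return {"create": creates, "update": updates, "delete": deletes}


def demo() -> Dict[str, list]:
    # The tiny sample drops 1 of 3 identities, so the guard is relaxed to 50% here;
    # a production feed would keep a much lower threshold.
    return plan_changes(load_export(PREVIOUS_EXPORT), load_export(CURRENT_EXPORT),
                        max_delete_fraction=0.5)


if __name__ == "__main__":
    for op, items in demo().items():
        print(op, items)
```

The same delta logic applies whatever the transport (a database view or an LDAP search result can be snapshotted the same way); what changes with APIs and event messages is that the source tells the recipient what changed instead of the recipient having to work it out.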

@khazelton
khazelton / IdmFunctionalityChecklist.adoc
Last active April 12, 2019 03:20
Document snippets for Trust and Identity

IdM and Provisioning Functionality

Required Functionality | Already Met | Current Gap | Provided by [midPoint]
@khazelton
khazelton / scimCoreSchema.json
Created May 15, 2018 21:12
Full User Schema from RFC 7643, SCIM Core Schema in JSON Format
[
{ "id" : "urn:ietf:params:scim:schemas:core:2.0:User",
"name" : "User",
"description" : "User Account",
"attributes" : [
{
"name" : "userName",
"type" : "string",
"multiValued" : false,