Differences
This shows you the differences between two versions of the page.
Both sides previous revision Previous revision Next revision | Previous revision | ||
devel:documentation:synchronization:dev:relation-sync [2019/02/26 13:26] kotisovam greater part moved to admin guide |
devel:documentation:synchronization:dev:relation-sync [2022/12/21 09:28] (current) apeterova [Correlation] |
||
---|---|---|---|
Line 1: | Line 1: | ||
- | ====== | + | ====== |
{{tag> sync relationship contract}} | {{tag> sync relationship contract}} | ||
+ | <note tip> | ||
+ | ===== What is contractual relationship ===== | ||
+ | |||
+ | <note tip>They define the link between the identity and the tree structure. In the application, | ||
+ | ===== Actions after end of sync ===== | ||
+ | |||
+ | <note important> | ||
+ | ==== HR processes ==== | ||
+ | |||
+ | <note important> | ||
+ | |||
+ | [[..: | ||
+ | |||
+ | HR processes can be (**should be**) correctly started after the end of the sync. This can be ensured by the property `After end, start the HR processes` on the detail of sync configuration. If is this property ticked, then HR processes ' | ||
+ | ==== Automatic roles ==== | ||
+ | |||
+ | Recalculation of automatic roles is skipped during sync. Recalculation of automatic roles can be (**should be**) correctly started after the end of the sync. This can be ensured by the property ' | ||
+ | |||
+ | {{ .: | ||
+ | |||
+ | ===== Fields for sync contractual relationship mapping ===== | ||
+ | |||
+ | * **Owner** | ||
+ | * ID of IdM identity in String or UUID format. | ||
+ | * Username of IdM identity in String. | ||
+ | * **Main** | ||
+ | * **State** | ||
+ | * **Position** | ||
+ | * **Guarantees** | ||
+ | * **Work position** | ||
+ | * **Other positions** | ||
+ | * **Valid from** | ||
+ | * **Valid till** | ||
+ | * **Externe** | ||
+ | * **Description** | ||
+ | ==== Guarantees field ==== | ||
+ | |||
+ | List of leaders, directly linked on the contractual relation. Linked leader must exists in IdM. Output from attribute transformation can be: | ||
+ | |||
+ | * Username of leader (String). | ||
+ | * Id of leader (UUID or String). | ||
+ | * List of usernames (List< | ||
+ | * List of Ids (List< | ||
+ | * Null value. If is value not defined and in sync configuration has set ' | ||
+ | |||
+ | If some leader will not found. Then will be synchronization item marked as ' | ||
+ | < | ||
+ | |||
+ | ......................... | ||
+ | Finding guarantee [temslie7]. | ||
+ | ......................... | ||
+ | Warning! - Identity [temslie7] was not found for [temslie7]! | ||
+ | ......................... | ||
+ | |||
+ | </ | ||
+ | |||
+ | ==== Work position field ==== | ||
+ | |||
+ | Define link to some tree node. Generaly define place in organization structure. Output from attribute transformation can be: | ||
+ | |||
+ | * Id of tree node (UUID or String). | ||
+ | * Code of tree node. Node by code will be searching in default tree (define in sync configuration ' | ||
+ | * Null value. If is value not defined and in sync configuration has set ' | ||
+ | |||
+ | If node will not found. Then will be synchronization item marked as ' | ||
+ | |||
+ | < | ||
+ | ........................ | ||
+ | Work position - try find directly by transformed value [Divanoodle]! | ||
+ | ........................ | ||
+ | Work position - was not not found directly from transformed value [Divanoodle]! | ||
+ | ........................ | ||
+ | Work position - try find in default tree type [DEFAULT_ORG] with code [Divanoodle]! | ||
+ | ........................ | ||
+ | Warning - Work position - none node found for code [Divanoodle]! | ||
+ | |||
+ | </ | ||
+ | |||
+ | <note important> | ||
+ | |||
+ | ==== Other positions field ==== | ||
+ | |||
+ | Define link to other contract positions - tree nodes. Generaly define other contract places in organization structure. Output from attribute transformation can be: | ||
+ | |||
+ | * List of Ids of tree nodes (List< | ||
+ | * Codes of tree nodes (List< | ||
+ | * Null value - contract positions will be empty. | ||
+ | |||
+ | ==== State field ==== | ||
+ | |||
+ | State of contract. Output from attribute transformation must be enumeration ContractState or String representation for this enumeration. | ||
+ | |||
+ | ContractState have this values: | ||
+ | |||
+ | * **[[..: | ||
+ | * **[[..: | ||
In some situations can be informations needed to determine result state in more than once source attributes. | In some situations can be informations needed to determine result state in more than once source attributes. | ||
- | For example we can have attribute ' | + | For example we can have attribute ' |
- | In this case states ' | + | |
- | <note important> | + | <note important> |
In this case you can use attribute ' | In this case you can use attribute ' | ||
Line 13: | Line 109: | ||
For resolve situation discrabed above was created transformation script ' | For resolve situation discrabed above was created transformation script ' | ||
< | < | ||
+ | |||
/** | /** | ||
* Compiles identity-relation state. Returns final state for the relation | * Compiles identity-relation state. Returns final state for the relation | ||
* (contract). Uses input value as relation state and value from defined | * (contract). Uses input value as relation state and value from defined | ||
* disabled attribute (from whole IC attributes ... comes from source system) | * disabled attribute (from whole IC attributes ... comes from source system) | ||
- | * | + | * |
* Result for this script can be one value from [DISABLED, EXCLUDED, null]. | * Result for this script can be one value from [DISABLED, EXCLUDED, null]. | ||
*/ | */ | ||
Logger log = LoggerFactory.getLogger( | Logger log = LoggerFactory.getLogger( | ||
- | " | + | |
log.info(" | log.info(" | ||
/** | /** | ||
Line 39: | Line 136: | ||
/** | /** | ||
- | * Define state of relation comes from source system (assumes String value) | + | * Define state of relation comes from source system (assumes String value) |
- | | + | */ |
String stateValue = null; | String stateValue = null; | ||
if(attributeValue != null) { | if(attributeValue != null) { | ||
- | if(!(attributeValue instanceof String)) | + | |
- | { | + | { |
- | throw new SynchronizationException(MessageFormat.format( | + | throw new SynchronizationException(MessageFormat.format( |
- | "Value [{0}] for identity-relation state must be String, but is [{1}] (System [{2}])", | + | "Value [{0}] for identity-relation state must be String, but is [{1}] (System [{2}])", |
- | value.getClass(), | + | value.getClass(), |
- | } | + | } |
- | stateValue = (String) attributeValue; | + | stateValue = (String) attributeValue; |
} | } | ||
if(icAttributes != null){ | if(icAttributes != null){ | ||
- | for (IcAttribute icAttribute : icAttributes) { | + | |
- | if (disableAttributeName.equalsIgnoreCase(icAttribute.getName())) { | + | if (disableAttributeName.equalsIgnoreCase(icAttribute.getName())) { |
- | Object disableValue = icAttribute.getValue(); | + | Object disableValue = icAttribute.getValue(); |
- | if (disableValue == null) { | + | if (disableValue == null) { |
- | disabled = false; | + | disabled = false; |
- | } else { | + | } else { |
- | if (disableValue instanceof Boolean) { | + | if (disableValue instanceof Boolean) { |
- | disabled = (boolean) disableValue; | + | disabled = (boolean) disableValue; |
- | } else if (disableValue instanceof String) { | + | } else if (disableValue instanceof String) { |
- | disabled = Boolean.parseBoolean((String) disableValue); | + | disabled = Boolean.parseBoolean((String) disableValue); |
- | } | + | } |
- | } | + | } |
- | } | + | } |
- | } | + | } |
} | } | ||
if(disabled){ | if(disabled){ | ||
- | // Relation is disabled | + | |
- | log.info(MessageFormat.format("' | + | log.info(MessageFormat.format("' |
- | return ContractState.DISABLED.name(); | + | return ContractState.DISABLED.name(); |
} | } | ||
for(String excludeState: | for(String excludeState: | ||
- | if (excludeState.equals(stateValue)) { | + | |
- | // Relation is excluded | + | // Relation is excluded |
- | return ContractState.EXCLUDED.name(); | + | return ContractState.EXCLUDED.name(); |
- | } | + | } |
} | } | ||
// Relation is maybe active (depends on validity relation attributes too). | // Relation is maybe active (depends on validity relation attributes too). | ||
return null; | return null; | ||
- | </ | + | |
+ | </ | ||
+ | ===== Correlation ===== | ||
+ | |||
+ | Synchronization of contracts supports only correlation by simple text attributes. That means, if you already have some existing contracts and you want to pair them with accounts on some new source system, you have to use some e xtended attribute of contracts which will contain the identifier usable for correlation. Specifically, | ||
+ | |||
+ | '' | ||
+ | |||
+ | If you synchronize only new contracts from a source system, use simply the identifier as a correlation attribute and don't map the identifier to anything. | ||
===== Tutorials ===== | ===== Tutorials ===== | ||
- | | + | |
+ | | ||
+ |