Differences
This shows you the differences between two versions of the page.
Both sides previous revision Previous revision Next revision | Previous revision | ||
devel:documentation:synchronization:dev:relation-sync [2019/12/11 12:55] svandav [HR processes] |
devel:documentation:synchronization:dev:relation-sync [2022/12/21 09:28] (current) apeterova [Correlation] |
||
---|---|---|---|
Line 1: | Line 1: | ||
====== Synchronization - contractual relationship ====== | ====== Synchronization - contractual relationship ====== | ||
+ | |||
{{tag> sync relationship contract}} | {{tag> sync relationship contract}} | ||
- | <note tip> | + | <note tip> |
+ | ===== What is contractual relationship ===== | ||
- | ===== What is contractual relationship ===== | ||
<note tip>They define the link between the identity and the tree structure. In the application, | <note tip>They define the link between the identity and the tree structure. In the application, | ||
- | |||
===== Actions after end of sync ===== | ===== Actions after end of sync ===== | ||
<note important> | <note important> | ||
- | |||
==== HR processes ==== | ==== HR processes ==== | ||
<note important> | <note important> | ||
- | [[devel:dev:workflow: | + | [[..:..:hr_processes|HR processes]] in the base ensure the correct state of identity depending on the state of their contractual relationships. Because we need to evaluate the status of contractual relationships as a whole (to a given identity), it is not possible to trigger HR processes during the synchronization of each contractual relationship. Therefore, no HR processes are executed during this synchronization. |
HR processes can be (**should be**) correctly started after the end of the sync. This can be ensured by the property `After end, start the HR processes` on the detail of sync configuration. If is this property ticked, then HR processes ' | HR processes can be (**should be**) correctly started after the end of the sync. This can be ensured by the property `After end, start the HR processes` on the detail of sync configuration. If is this property ticked, then HR processes ' | ||
- | |||
==== Automatic roles ==== | ==== Automatic roles ==== | ||
Recalculation of automatic roles is skipped during sync. Recalculation of automatic roles can be (**should be**) correctly started after the end of the sync. This can be ensured by the property ' | Recalculation of automatic roles is skipped during sync. Recalculation of automatic roles can be (**should be**) correctly started after the end of the sync. This can be ensured by the property ' | ||
- | {{ : | + | {{ .: |
===== Fields for sync contractual relationship mapping ===== | ===== Fields for sync contractual relationship mapping ===== | ||
- | | + | |
+ | | ||
* ID of IdM identity in String or UUID format. | * ID of IdM identity in String or UUID format. | ||
- | * Username of IdM identity in String. | + | * Username of IdM identity in String. |
- | * **Main** - Define if is the contract main (between all contracts for the identity). Output from attribute transformation must be Boolean. | + | * **Main** |
- | * **State** - State of contract. Output from attribute transformation must be enumeration ContractState or String representation for this enumeration (DISABLED, EXCLUDED) (more details see below). | + | * **State** |
- | * **Position** - String representation of contract. Typically name of contract. | + | * **Position** |
- | * **Guarantees** - List of leaders, directly linked on the contractual relationship (more details see below). | + | * **Guarantees** |
- | * **Work position** - Define link to some tree node. Generaly define place in organization structure (more details se below). | + | * **Work position** |
- | * **Other positions** - List of other contract positions (more details se below). | + | * **Other positions** |
- | * **Valid from** - Validity for the contractual relationship. Relation is ' | + | * **Valid from** |
- | * **Valid till** - Validity for the contractual relationship. Relation is ' | + | * **Valid till** |
- | * **Externe** | + | * **Externe** |
- | * **Description** - String for description the relation. | + | * **Description** |
+ | ==== Guarantees field ==== | ||
+ | List of leaders, directly linked on the contractual relation. Linked leader must exists in IdM. Output from attribute transformation can be: | ||
- | ==== Guarantees field ==== | ||
- | List of leaders, directly linked on the contractual relation. Linked leader must exists in IdM. | ||
- | Output from attribute transformation can be: | ||
* Username of leader (String). | * Username of leader (String). | ||
* Id of leader (UUID or String). | * Id of leader (UUID or String). | ||
* List of usernames (List< | * List of usernames (List< | ||
* List of Ids (List< | * List of Ids (List< | ||
- | * Null value. If is value not defined and in sync configuration has set ' | + | * Null value. If is value not defined and in sync configuration has set ' |
If some leader will not found. Then will be synchronization item marked as ' | If some leader will not found. Then will be synchronization item marked as ' | ||
- | |||
< | < | ||
+ | |||
......................... | ......................... | ||
Finding guarantee [temslie7]. | Finding guarantee [temslie7]. | ||
Line 58: | Line 56: | ||
Warning! - Identity [temslie7] was not found for [temslie7]! | Warning! - Identity [temslie7] was not found for [temslie7]! | ||
......................... | ......................... | ||
+ | |||
</ | </ | ||
==== Work position field ==== | ==== Work position field ==== | ||
- | Define link to some tree node. Generaly define place in organization structure. | + | |
- | Output from attribute transformation can be: | + | Define link to some tree node. Generaly define place in organization structure. Output from attribute transformation can be: |
* Id of tree node (UUID or String). | * Id of tree node (UUID or String). | ||
* Code of tree node. Node by code will be searching in default tree (define in sync configuration ' | * Code of tree node. Node by code will be searching in default tree (define in sync configuration ' | ||
- | * Null value. If is value not defined and in sync configuration has set ' | + | * Null value. If is value not defined and in sync configuration has set ' |
If node will not found. Then will be synchronization item marked as ' | If node will not found. Then will be synchronization item marked as ' | ||
Line 78: | Line 78: | ||
........................ | ........................ | ||
Warning - Work position - none node found for code [Divanoodle]! | Warning - Work position - none node found for code [Divanoodle]! | ||
+ | |||
</ | </ | ||
- | <note important> | + | |
- | When isn' | + | <note important> |
==== Other positions field ==== | ==== Other positions field ==== | ||
- | Define link to other contract positions - tree nodes. Generaly define other contract places in organization structure. | + | |
- | Output from attribute transformation can be: | + | Define link to other contract positions - tree nodes. Generaly define other contract places in organization structure. Output from attribute transformation can be: |
* List of Ids of tree nodes (List< | * List of Ids of tree nodes (List< | ||
- | * Codes of tree nodes (List< | + | * Codes of tree nodes (List< |
* Null value - contract positions will be empty. | * Null value - contract positions will be empty. | ||
==== State field ==== | ==== State field ==== | ||
+ | |||
State of contract. Output from attribute transformation must be enumeration ContractState or String representation for this enumeration. | State of contract. Output from attribute transformation must be enumeration ContractState or String representation for this enumeration. | ||
ContractState have this values: | ContractState have this values: | ||
+ | |||
* **[[..: | * **[[..: | ||
* **[[..: | * **[[..: | ||
- | |||
In some situations can be informations needed to determine result state in more than once source attributes. | In some situations can be informations needed to determine result state in more than once source attributes. | ||
- | For example we can have attribute ' | + | For example we can have attribute ' |
- | In this case states ' | + | |
- | <note important> | + | <note important> |
In this case you can use attribute ' | In this case you can use attribute ' | ||
Line 107: | Line 109: | ||
For resolve situation discrabed above was created transformation script ' | For resolve situation discrabed above was created transformation script ' | ||
< | < | ||
+ | |||
/** | /** | ||
* Compiles identity-relation state. Returns final state for the relation | * Compiles identity-relation state. Returns final state for the relation | ||
* (contract). Uses input value as relation state and value from defined | * (contract). Uses input value as relation state and value from defined | ||
* disabled attribute (from whole IC attributes ... comes from source system) | * disabled attribute (from whole IC attributes ... comes from source system) | ||
- | * | + | * |
* Result for this script can be one value from [DISABLED, EXCLUDED, null]. | * Result for this script can be one value from [DISABLED, EXCLUDED, null]. | ||
*/ | */ | ||
Logger log = LoggerFactory.getLogger( | Logger log = LoggerFactory.getLogger( | ||
- | " | + | |
log.info(" | log.info(" | ||
/** | /** | ||
Line 133: | Line 136: | ||
/** | /** | ||
- | * Define state of relation comes from source system (assumes String value) | + | * Define state of relation comes from source system (assumes String value) |
- | | + | */ |
String stateValue = null; | String stateValue = null; | ||
if(attributeValue != null) { | if(attributeValue != null) { | ||
- | if(!(attributeValue instanceof String)) | + | |
- | { | + | { |
- | throw new SynchronizationException(MessageFormat.format( | + | throw new SynchronizationException(MessageFormat.format( |
- | "Value [{0}] for identity-relation state must be String, but is [{1}] (System [{2}])", | + | "Value [{0}] for identity-relation state must be String, but is [{1}] (System [{2}])", |
- | value.getClass(), | + | value.getClass(), |
- | } | + | } |
- | stateValue = (String) attributeValue; | + | stateValue = (String) attributeValue; |
} | } | ||
if(icAttributes != null){ | if(icAttributes != null){ | ||
- | for (IcAttribute icAttribute : icAttributes) { | + | |
- | if (disableAttributeName.equalsIgnoreCase(icAttribute.getName())) { | + | if (disableAttributeName.equalsIgnoreCase(icAttribute.getName())) { |
- | Object disableValue = icAttribute.getValue(); | + | Object disableValue = icAttribute.getValue(); |
- | if (disableValue == null) { | + | if (disableValue == null) { |
- | disabled = false; | + | disabled = false; |
- | } else { | + | } else { |
- | if (disableValue instanceof Boolean) { | + | if (disableValue instanceof Boolean) { |
- | disabled = (boolean) disableValue; | + | disabled = (boolean) disableValue; |
- | } else if (disableValue instanceof String) { | + | } else if (disableValue instanceof String) { |
- | disabled = Boolean.parseBoolean((String) disableValue); | + | disabled = Boolean.parseBoolean((String) disableValue); |
- | } | + | } |
- | } | + | } |
- | } | + | } |
- | } | + | } |
} | } | ||
if(disabled){ | if(disabled){ | ||
- | // Relation is disabled | + | |
- | log.info(MessageFormat.format("' | + | log.info(MessageFormat.format("' |
- | return ContractState.DISABLED.name(); | + | return ContractState.DISABLED.name(); |
} | } | ||
for(String excludeState: | for(String excludeState: | ||
- | if (excludeState.equals(stateValue)) { | + | |
- | // Relation is excluded | + | // Relation is excluded |
- | return ContractState.EXCLUDED.name(); | + | return ContractState.EXCLUDED.name(); |
- | } | + | } |
} | } | ||
// Relation is maybe active (depends on validity relation attributes too). | // Relation is maybe active (depends on validity relation attributes too). | ||
return null; | return null; | ||
- | </ | + | |
+ | </ | ||
+ | ===== Correlation ===== | ||
+ | |||
+ | Synchronization of contracts supports only correlation by simple text attributes. That means, if you already have some existing contracts and you want to pair them with accounts on some new source system, you have to use some e xtended attribute of contracts which will contain the identifier usable for correlation. Specifically, | ||
+ | |||
+ | '' | ||
+ | |||
+ | If you synchronize only new contracts from a source system, use simply the identifier as a correlation attribute and don't map the identifier to anything. | ||
===== Tutorials ===== | ===== Tutorials ===== | ||
- | | + | |
+ | | ||
+ |