Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Next revision 		Previous revision
Next revision Both sides next revision
tutorial:adm:virtual_system_-_adding_or_deleting_managed_extended_attributes [2019/06/05 12:45]
doischert created 		tutorial:adm:virtual_system_-_adding_or_deleting_managed_extended_attributes [2019/06/05 13:47]
doischert [Deleting attributes on virtual systems]
Line 1: Line 1:
-====== Virtual system - adding or deleting managed extended attributes ======+====== Virtual system - adding (and deletingextended attributes managed by CzechIdM ======
  
 {{tag> system virtual tutorial extended attributes}} {{tag> system virtual tutorial extended attributes}}
Line 5: Line 5:
 ===== Introduction ===== ===== Introduction =====
  
-After you've connected a virtual system to CzechIdM (see the tutorial [[https://wiki.czechidm.com/tutorial/adm/how_to_create_virtual_system|here]], you may need to add some extended attributes which are present in the connected system. To achieve this, make sure you have 1) connected the virtual system, 2) have admin set as the implementer, and 3) are logged in as admin.+After you've connected a virtual system to CzechIdM (see the tutorial [[tutorial:adm:how_to_create_virtual_system|here]]), you may need to add some extended attributes which are present in the connected system. To achieve this, make sure you have 1) connected the virtual system, 2) have admin set as the implementer, and 3) are logged in as admin.
  
 Let's assume that the managed system contains the information about the building in which each person has their office. To add this information to the IdM, we have to follow several steps. Let's assume that the managed system contains the information about the building in which each person has their office. To add this information to the IdM, we have to follow several steps.
Line 13: Line 13:
 First, click on Setting in the left panel and choose Form definitions. In the list, find idmIdentity and open it (with the magnifying glass). After that, select Form Attributes and click the green Add button. Only two fields are required: Code, and Name. Make sure you change the Attribute type from default (Short text) if the type is different. You can also set e. g. a default value or a validation using regular expressions if it makes sense in the specific case. Once you've finished, click Save. First, click on Setting in the left panel and choose Form definitions. In the list, find idmIdentity and open it (with the magnifying glass). After that, select Form Attributes and click the green Add button. Only two fields are required: Code, and Name. Make sure you change the Attribute type from default (Short text) if the type is different. You can also set e. g. a default value or a validation using regular expressions if it makes sense in the specific case. Once you've finished, click Save.
  
-{{:tutorial:adm:formdef.png?direct&1200|}} +{{ :tutorial:adm:formdef.png?direct&1200 |}} 
- +{{ :tutorial:adm:formattr.png?direct&1200 |}}
-{{:tutorial:adm:formattr.png?direct&1200|}}+
  
 ===== Step 2: add the attribute to configuration ===== ===== Step 2: add the attribute to configuration =====
Line 21: Line 20:
 Click Virtual systems in the left panel and select List. Open you virtual system and select Configuration. Add your attribute (building) to the list of attributes and click on save. Click Virtual systems in the left panel and select List. Open you virtual system and select Configuration. Add your attribute (building) to the list of attributes and click on save.
  
-{{:tutorial:adm:conf_attr.png?direct&1200|}}+{{ :tutorial:adm:conf_attr.png?direct&1200 |}}
  
 ===== Step 3: modify scheme and mapping ===== ===== Step 3: modify scheme and mapping =====
Line 27: Line 26:
 Click Scheme in your virtual system. You should only see ACCOUNT; open it with the magnifying glass. In Scheme attributes, click the green Add button. In here, fill out the name of the attribute (building), its data type (java.lang.String in this case), and check boxes for Able to read, Able to create, Able to edit, and Returned by default. Click save. Click Scheme in your virtual system. You should only see ACCOUNT; open it with the magnifying glass. In Scheme attributes, click the green Add button. In here, fill out the name of the attribute (building), its data type (java.lang.String in this case), and check boxes for Able to read, Able to create, Able to edit, and Returned by default. Click save.
  
-{{:tutorial:adm:scheme_mod.png?direct&1200|}}+{{ :tutorial:adm:scheme_mod.png?direct&1200 |}}
  
-{{:tutorial:adm:attr_det.png?direct&1200|}}+{{ :tutorial:adm:attr_det.png?direct&1200 |}}
  
 After that, we have to add the attributes to the mapped attributes. Click Mapping and open Provisioning where you will see the list of mapped attributes. Click Add. Select the Attribute in schema (building). Check the box Extended attr. and fill out the desired IdM key. Click Save. After that, we have to add the attributes to the mapped attributes. Click Mapping and open Provisioning where you will see the list of mapped attributes. Click Add. Select the Attribute in schema (building). Check the box Extended attr. and fill out the desired IdM key. Click Save.
  
-{{:tutorial:adm:mapped_attr.png?direct&1200|}}+{{ :tutorial:adm:mapped_attr.png?direct&1200 |}}
  
-{{:tutorial:adm:attr_det2.png?direct&1200|}}+{{ :tutorial:adm:attr_det2.png?direct&1200 |}}
  
 ===== Step 4: check the functionality ===== ===== Step 4: check the functionality =====
Line 41: Line 40:
 If you open the details of a user with a role defined in the virtual system (with the magnifying glass), click Show full details and select More information, you should now see that you can set the value of the attribute (building). Try to fill in some test information and click Save. If you open the details of a user with a role defined in the virtual system (with the magnifying glass), click Show full details and select More information, you should now see that you can set the value of the attribute (building). Try to fill in some test information and click Save.
  
-{{:tutorial:adm:more_info.png?direct&1200|}}+{{ :tutorial:adm:more_info.png?direct&1200 |}}
  
 Now go to Virtual systems in the left panel and click Requests. You should now see that there is a new request. If you open it you will see in the detail that the attribute has changed. Also, if you click Notifications and Notifications history in the left panel, you will see that the implementer has been notified that they should make the change in the system they manage and then confirm they've done so in the IdM. Now go to Virtual systems in the left panel and click Requests. You should now see that there is a new request. If you open it you will see in the detail that the attribute has changed. Also, if you click Notifications and Notifications history in the left panel, you will see that the implementer has been notified that they should make the change in the system they manage and then confirm they've done so in the IdM.
  
-{{:tutorial:adm:request.png?direct&1200|}}+{{ :tutorial:adm:request.png?direct&1200 |}} 
 + 
 +{{ :tutorial:adm:request_det.png?direct&1200 |}} 
 + 
 +===== Deleting attributes on virtual systems ===== 
 + 
 +Some of the attributes may be superfluous in some cases, e. g., a system which only needs identity's first name and last name to create a login won't need to know user's phone number. Unless we remove those attributes, they will present an unnecessary administrative load since the implementer will be notified each time they change, even though they are not relevant for them. 
 + 
 +Removing these attributes is similar in process to creating them - basically, we have to retrace our steps and undo the changes we've made in steps 1, 2 and 3. 
 + 
 +If you want to stop provisioning an attribute which is present in other systems you have to do even fewer changes. This can be relevant in the above mentioned phone number case. In this case, undo only steps 2 and 3. 
 + 
 +First, remove the mapping of the attribute. Click Virtual systems, List, Mapping, and Provisioning. Check the checkbox next to the attribute you want to remove. Above the list, a new dialog should appear, Operation with selected record. Click and choose Remove. Click Yes. 
 + 
 +{{ :tutorial:adm:removemapping.png?direct&1200 |}} 
 + 
 +Then move to Scheme, click ACCOUNT. Check the checkbox next to the attribute you want to remove. Above the list, a new dialog should appear, Operation with selected record. Click and choose Remove. Click Yes. 
 + 
 +{{ :tutorial:adm:removescheme.png?direct&1200 |}} 
 + 
 +Then go to Configuration, find Attributes and delete the attribute you want to remove. Click Save. 
 + 
 +{{ :tutorial:adm:removeconfig.png?direct&1200 |}} 
 + 
 +The attribute is still present in the detail of the user; however, it is no longer connected to the virtual system and the implementer will not be notified when the attribute's value changes. 
 + 
 +If you want to remove the attribute from the IdM entirely, you have to undo step 1 as well. Please note, however, that if any role has this attribute filled in (not empty), you will not be able to remove the attribute. Go to Settings, Configuration, Form definitions, Form Attributes. Check the checkbox next to the attribute you want to remove. Above the list, a new dialog should appear, Operation with selected record. Click and choose Remove. Click Yes.  
 + 
 +{{ :tutorial:adm:removedefinition.png?direct&1200 |}} 
  
-{{:tutorial:adm:request_det.png?direct&1200|}} 
  • by poulm