Resource wizard: Object type correlation
|
Since 4.9
This functionality is available since version 4.9.
|
Smart correlation in midPoint is a mechanism that links resource object shadows to existing focal objects, enabling efficient synchronization through a configurable matching system. In short, it’s a means of searching for resource object owners in midPoint.
Correlation rules dictate how to find the object owners. You can define one or more correlation rules.
Refer to Smart Correlation for more details on the topic.
Figure 1. Configuration menu in resource accounts list as an entry point to the correlation rules wizard
Create Correlation Rules
-
In Resources > All Resources, select your resource.
-
In Accounts, click Configure > Correlation.
-
Click Add rule and configure the new rule:
-
Rule name: A descriptive name of the rule. Needs to be unique in the context of the resource.
-
Description: An optional detailed description of the rule.
-
Weight: Signifies the rule confidence. 1.0 means 100% confidence. The weight is multiplied by the accumulated confidence of individual correlators within the rule to get the final confidence value of the rule.
See Rule Composition for details. -
Tier: Tiers determine the order of rule processing. If and only if a higher-tier rule doesn’t provide a confident-enough match, the next tier is processed. Lower numbers mean higher tiers.
-
Ignore if matched by: You can block the rule from evaluation if the correlator within the rule is matched in another rule already. This is useful to avoid getting skewed confidence values if multiple rules use the same correlator (e.g., surname), as they would add up and reach confidence over 100%.
See Rule Composition for details. -
Enabled: An option to temporarily disable a rule. Undefined is the same as Enabled.
-
-
Set up correlators for each rule.
-
Click Add rule and repeat until you add all the rules.
-
Click Save correlation settings to save the rules and exit the wizard.
Figure 2. List of configured correlation rules. The tier 10 rule will run only if the higher-tier rule fails to yield a result. The lower-level rule will always result in a correlation case because its confidence is <1.0.
Set up Correlators
For each correlation rule, you need to add a correlator. Correlators specify the values of which attributes are to be compared when matching resource and focal objects.
You can have multiple correlators for one correlation rule. For each correlator, you specify an attribute for which you have an inbound mapping from the resource you’re correlating.
For instance, if you have an HR system with employee numbers and an LDAP system that uses the same employee numbers, you may inbound-map the employee numbers to empnum in both resources and use the empnum attribute for correlation.
|
You can use correlation-only inbound mappings for target resources, where you normally don’t use inbound mappings. |
To add correlators to correlation rules:
-
Open the list of correlation rules in your resource via Accounts > Configure > Correlation.
-
In the list, click Edit at the far right on a correlation rule for which you want to configure the correlator.
-
Click Add correlator.
-
Under Item, select the attribute to correlate.
-
Item refers to a midPoint property for which an inbound mapping exists. This will be used for correlation. For example, if you have an inbound mapping from AD’s sAMAccountName attribute to midPoint user’s name property, you would select name here.
-
-
Select the Search method:
-
Exact match: The attribute values need to match exactly for the objects to correlate (get linked, in other words).
-
Levenshtein distance: Method of approximate matching with a threshold of the maximum permitted number of single-character edits. Refer to Levenshtein distance on Wikipedia for more details about the method.
-
Trigram similarity: Method of approximate matching using the ratio of common trigrams to all trigrams in compared strings.
-
-
For the fuzzy-search methods, define the Match threshold and whether the threshold value is Inclusive (in the mathematical sense).
-
Click Confirm settings to save the correlators and return to the correlation rule list.
Figure 3. List of correlators for one correlation rule. In this configuration, all three values must match exactly for whole rule to gain the maximum confidence.
Limitations
Resource wizard has several limitations, such as:
-
Expression editor supports As is, Script, Literal and Generate expressions only.
-
Mapping ranges are not supported.
-
Mapping domains are not supported.
-
Correlation configuration currently supports the
itemscorrelator only.
MidPoint resource wizard can’t show or edit these features but tolerates them and keeps them untouched if you configure them in XML.
See Also
Here are additional resources to explore:
-
Object Lifecycle: Gain a deeper understanding of object lifecycle management in midPoint.
-
Admin GUI Configuration: See configuration options for certain wizard panels and the GUI in general.
Was this page helpful?
YES
NO
Thanks for your feedback