Resource wizard: Association type configuration

Last modified 21 Jan 2025 16:24 +01:00

Since 4.9

This functionality is available since version 4.9.

Table of Contents

Configuration of resource wizard panels
How to use Lifecycle state
Limitations

Associations allow you to configure resource for object type relations. Typically, this is used to configure how account/group membership is defined and processed.

See also the following pages for more information:

After clicking on btn:[Configure association type], you will see a table of association types.

Figure 1. Table of association types

Click btn:[Add association type] to start configuring new association type.

The first step in creating a new association is to select the type of association (by clicking on it), which is predefined by capabilities or connector.

Figure 2. Select association

After selecting the association, you will see a four-step wizard. The first step allows you to configure the basic settings:

Name and Display name are used for naming purposes
Description allows a short description to be entered
Lifecycle state allows defining the lifecycle state, e.g. Proposed for simulation of the association configuration

Figure 3. Basic configuration

Click btn:[Next: Subjects] to continue in the association type definition wizard.

In the second step you have to select the subject (as the object type of the resource) of the association. If there is only one option, it will be selected and you can proceed to the next step.

Figure 4. Select subject

Click btn:[Next: Objects] to continue in the association type definition wizard.

The next step is very similar to the previous one, but you select the object (as the object type of the resource) of association.

Figure 5. Select object

Click btn:[Next: Data for association] to continue in the association type definition wizard.

Fill in the necessary fields to specify the reference attribute to specify the data corresponding to the association and association tolerance:

Reference attribute name will be predefined by default (but can be changed to a custom name, e.g. instead of group, ldapGroup can be used). MidPoint automatically resolves duplicate reference attribute name: if you would define multiple association types, the reference attributes would be group, group1 etc. by default.
tolerant allows specifying how midPoint tolerates associations (membership) with objects other than associated via midPoint. The default value Undefined is the same as True and makes midPoint keep the membership even if not defined via midPoint. False would remove such associations when the resource object is reprocessed, e.g. during reconciliation.

If in doubt, use Undefined or True.

/midpoint/reference/concepts/mark/[] can redefine association (membership) tolerance.

Figure 6. Specify the data for association

Click btn:[Save settings] to save the association type configuration.

Further configuration is required.

After creating a new association type, you will see a page with three options. Basic Attributes tile represents the two-step wizard that you already see during the creation of the association type, allowing to access the first and last steps without parts for selecting subjects and objects.

Subject tile allows entering Subject wizard.

Object tile allows to return back to object selection.

Figure 7. Association wizard

Configuration of resource wizard panels

Some wizard panels are configurable, for more information see Wizard panels.

How to use Lifecycle state

Resource, object type, attribute, mapping, synchronization situation and other aspects of resource configuration can be configured in different lifecycle states. As it was mentioned earlier, the Lifecycle state property can be used with Simulations. The resource is created in Proposed lifecycle state by default, it won’t work for normal deployment without switching to Active state.

By using the lifecycle state Proposed, you can test (simulate) the configuration without causing any damage to your target system data. When the simulation results are satisfactory, you can switch the lifecycle state to Active.

As the lifecycle state can be set on various configuration items, midPoint gives you a way of turning on specific parts of configuration incrementally. For example, after you switch your resource to Active lifecycle state, we recommend to add any new mappings first in Proposed lifecycle state. The new mapping can be simulated without causing any harm and switched to Active lifecycle state when ready.

Limitations

Resource wizard has several limitations as of midPoint 4.8, such as:

expression editor supports As is, Script, Literal and Generate expressions only
mapping ranges are not supported
mapping domains are not supported
correlation configuration currently supports only The items Correlator

midPoint resource wizard won’t be able to show or allow editing of these features but should tolerate them and keep them in the configuration.

Was this page helpful?

YES NO

Thanks for your feedback