On 15/01/25 18:28, Feder, Stephan wrote:
Hello,
How can I make propagation depend on a condition? I would guess that there is
an easy way to achieve what I want but I just cannot find any.
Example: I have a property called "propagate" and do not want to propagate the user
unless the property is set to "true".
I tried the following:
1. Create a group called "propagation".
2. Dynamically assign users when property "propagate" is set to "true".
3. Dynamically associate members to the external resource.
Everything works using the API to set the property: When set to "true" the user
is provisioned to the external resource, and when set to any other value the user is
deprovisioned.
But when a pull task changes the value from "true" to any other value (I did
not check the reverse case) the user is not deprovisioned and still exists in the
external resource (although the user is correctly removed from the group and is no longer
associated to the resource).
Am I doing something wrong? Is there any other way?
Hi Stephan,
in Syncope, the propagation process [1] can be triggered:
1. implicitly, e.g. without any admin action,, by assigning one or more
External Resources, directly or indirectly via Group membership, to Users,
Groups or Any Objects
2. explicitly, e.g. requiring admin action, by *not* assigning External
Resources to Users, Groups or Any Objects and defining a Push Task [2]; when
defining a Push Task [3], the filter can be defined to match only specific
entities to propagate
It seems you are using (1) but would like to be conditional with it.
The easiest way to accomplish your goal is by switching to (2), creating a Push Task with
filter condition matching only users having "propagate == true" and scheduling
the execution of such Push Task with adequate frequency.
The drawback of such approach is that changes are not propagated immediately,
but at next Push Task execution (scheduled or not).
Alternatively, you can extend the DefaultUserProvisioningManager matching your Syncope
version, for example [4], and override the methods when the propagationManager and
taskExecutor are executed by placing such statements under the condition "propagate
== true".
Hope this helps.
Regards.
[1] https://syncope.apache.org/docs/3.0/reference-guide.html#propagation
[2] https://syncope.apache.org/docs/3.0/reference-guide.html#provisioning-push
[3] https://syncope.apache.org/docs/3.0/reference-guide.html#tasks-push
[4]
https://github.com/apache/syncope/blob/3_0_X/core/provisioning-java/src/main/java/org/apache/syncope/core/provisioning/java/DefaultUserProvisioningManager.java
--
Francesco Chicchiriccò
Tirasa - Open Source Excellence
http://www.tirasa.net/
Member at The Apache Software Foundation
Syncope, Cocoon, Olingo, CXF, OpenJPA, PonyMail
http://home.apache.org/~ilgrosso/
