diff --git a/common.bash b/common.bash
index 4d2352e..b51a008 100644
--- a/common.bash
+++ b/common.bash
@@ -1,3 +1,3 @@
maintainer="i2incommon"
imagename="midpoint"
-tag="4.5"
+tag="4.6"
diff --git a/demo/grouper/docker-compose.yml b/demo/grouper/docker-compose.yml
index 21a69e2..d7d9406 100644
--- a/demo/grouper/docker-compose.yml
+++ b/demo/grouper/docker-compose.yml
@@ -173,7 +173,7 @@ services:
- CREATE_NEW_DATABASE=if_needed
data_init:
- image: i2incommon/midpoint:${tag:-4.5}
+ image: i2incommon/midpoint:${tag:-4.6}
command: >
bash -c "
chmod 777 /opt/mp-pw/ ;
@@ -229,7 +229,7 @@ services:
build:
context: ./midpoint_server/
args:
- tag: ${tag:-4.5}
+ tag: ${tag:-4.6}
depends_on:
- data_init
- midpoint_data
diff --git a/demo/grouper/midpoint_server/Dockerfile b/demo/grouper/midpoint_server/Dockerfile
index 56d6f3a..e789c61 100644
--- a/demo/grouper/midpoint_server/Dockerfile
+++ b/demo/grouper/midpoint_server/Dockerfile
@@ -1,4 +1,4 @@
-ARG tag=4.5
+ARG tag=4.6
FROM i2incommon/midpoint:${tag}
diff --git a/demo/grouper/midpoint_server/container_files/mp-home/post-initial-objects/roles/200-metarole-grouper-provided-group.xml b/demo/grouper/midpoint_server/container_files/mp-home/post-initial-objects/roles/200-metarole-grouper-provided-group.xml
index 2ed2227..a57bb9f 100644
--- a/demo/grouper/midpoint_server/container_files/mp-home/post-initial-objects/roles/200-metarole-grouper-provided-group.xml
+++ b/demo/grouper/midpoint_server/container_files/mp-home/post-initial-objects/roles/200-metarole-grouper-provided-group.xml
@@ -162,12 +162,13 @@
import com.evolveum.midpoint.schema.*
import com.evolveum.midpoint.xml.ns._public.common.common_3.*
import com.evolveum.midpoint.model.common.expression.ModelExpressionThreadLocalHolder
+ import com.evolveum.midpoint.model.api.context.ProjectionContextKey
GROUPER_RESOURCE_OID = '1eff65de-5bb6-483d-9edf-8cc2c2ee0233'
modelContext = ModelExpressionThreadLocalHolder.lensContext
- rsd = new ResourceShadowDiscriminator(GROUPER_RESOURCE_OID, ShadowKindType.ENTITLEMENT, 'group', null, false)
- if (modelContext.findProjectionContext(rsd) != null) {
+
+ if (modelContext.findProjectionContextByKeyExact(ProjectionContextKey.classified(GROUPER_RESOURCE_OID, ShadowKindType.ENTITLEMENT, 'group', null)) != null) {
log.info('Projection context for Grouper group found, marking as "active"')
'active'
} else {
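Review bot: The new `if` condition builds the projection key and tests the lookup result in one long line, and the hunk does not show that `findProjectionContextByKeyExact` matches the same contexts as the removed `ResourceShadowDiscriminator(..., null, false)` lookup. Building the key first, e.g. `grouperKey = ProjectionContextKey.classified(GROUPER_RESOURCE_OID, ShadowKindType.ENTITLEMENT, 'group', null)` followed by `if (modelContext.findProjectionContextByKeyExact(grouperKey) != null) {`, reads better and leaves room for a comment saying the tag is intentionally `null`. Because the result decides whether 'active' is returned, a missed match silently falls into the `else` branch, whose body lies outside the hunk. The stray blank line added above the `if` can be dropped.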
diff --git a/demo/grouper/midpoint_server/container_files/mp-home/post-initial-objects/securityPolicy/000-security-policy.xml b/demo/grouper/midpoint_server/container_files/mp-home/post-initial-objects/securityPolicy/000-security-policy.xml
index fbba265..300e5a9 100644
--- a/demo/grouper/midpoint_server/container_files/mp-home/post-initial-objects/securityPolicy/000-security-policy.xml
+++ b/demo/grouper/midpoint_server/container_files/mp-home/post-initial-objects/securityPolicy/000-security-policy.xml
@@ -7,11 +7,11 @@
- internalLoginForm
+ loginForm
Internal username/password authentication, default user password, login form
- internalBasic
+ httpBasic
Internal username/password authentication, using HTTP basic auth
@@ -46,17 +46,18 @@
admin-gui-default
+ Default gui sequence
Default GUI authentication sequence.
- http://midpoint.evolveum.com/xml/ns/public/common/channels-3#user
true
+ http://midpoint.evolveum.com/xml/ns/public/common/channels-3#user
gui-default
- internalLoginForm
- 30
+ loginForm
+ 1
sufficient
@@ -79,39 +80,38 @@
- rest
+ rest-default
Authentication sequence for REST service.
- http://midpoint.evolveum.com/xml/ns/public/common/channels-3#rest
true
+ http://midpoint.evolveum.com/xml/ns/public/common/channels-3#rest
rest-default
- internalBasic
- 10
+ httpBasic
+ 1
sufficient
- actuator
+ actuator-default
Authentication sequence for actuator.
- http://midpoint.evolveum.com/xml/ns/public/common/channels-3#actuator
true
+ http://midpoint.evolveum.com/xml/ns/public/common/channels-3#actuator
actuator-default
- internalBasic
- 10
+ httpBasic
+ 1
sufficient
- /actuator
- /actuator/health
+ /actuator/health
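Review bot: The path list at the end of this hunk drops `/actuator` and keeps `/actuator/health`, but nothing in the file records why. The element names are not visible in this rendering, so this assumes the entries are the policy's paths that bypass authentication. A short XML comment above the remaining entry would document the intent, for example `<!-- only the health probe is reachable without authentication; every other actuator endpoint goes through the actuator-default sequence -->`, and it is worth confirming that the health endpoint returns status only and no component details. The same applies to the matching hunk in demo/shibboleth/midpoint_server/container_files/mp-home/post-initial-objects/securityPolicy/SecurityPolicy.xml. Since rest-default and actuator-default accept `httpBasic` alone as `sufficient`, the demo should also state that these channels are meant to be reached over TLS only.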
@@ -119,8 +119,7 @@
3
PT3M
PT15M
-
-
+
diff --git a/demo/grouper/midpoint_server/container_files/mp-home/post-initial-objects/systemConfigurations/010-system-configuration.xml b/demo/grouper/midpoint_server/container_files/mp-home/post-initial-objects/systemConfigurations/010-system-configuration.xml
index fe5f876..cf88f07 100644
--- a/demo/grouper/midpoint_server/container_files/mp-home/post-initial-objects/systemConfigurations/010-system-configuration.xml
+++ b/demo/grouper/midpoint_server/container_files/mp-home/post-initial-objects/systemConfigurations/010-system-configuration.xml
@@ -245,46 +245,263 @@
demo/grouper
-
- /self/profile
-
- PageSelfDashboard.profile.description
-
- fa fa-user
-
- green
- http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#selfProfile
- http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#selfAll
-
-
- /self/credentials
-
- PageSelfDashboard.credentials.description
-
- fa fa-shield
-
- blue
- http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#selfCredentials
- http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#selfAll
-
-
- /admin/users
-
-
- fa fa-users
-
- red
- http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#users
-
-
- /admin/resources
-
-
- fa fa-database
-
- purple
- http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#resources
-
+
+ UserType
+
+ myAccesses
+
+
+ col-12 col-xxl-6
+
+ fe fe-assignment
+
+
+ 10
+
+ viewAll
+
+
+
+ fa fa-search
+
+
+
+ /self/profile/user
+ allAssignments
+
+
+
+ requestAccess
+
+
+
+ fas fa-plus-circle
+
+
+
+ /self/requestAccess
+
+
+ allAssignments
+ 5
+
+
+ myRequests
+
+
+ col-12 col-xxl-6
+
+ fe fe-case
+
+
+ 20
+
+ viewAll
+
+
+
+ fa fa-search
+
+
+
+ /admin/casesAll
+ my-cases
+
+
+ myRequests
+ 5
+
+
+ myWorkItems
+
+
+ col-12 col-xxl-6
+
+ fa fa-inbox
+
+
+ 40
+
+ viewAll
+
+
+
+ fa fa-search
+
+
+
+ /admin/myWorkItems
+
+
+ myWorkItems
+ 5
+
+
+ myAccounts
+
+
+ col-12 col-xxl-6
+
+ fa fa-male
+
+
+ 30
+
+ viewAll
+
+
+
+ fa fa-search
+
+
+
+ /self/profile/user
+ projections
+
+
+ projections
+ 5
+
+
+ profileWidget
+
+
+ PageSelfDashboard.profile.description
+ col-md-3
+
+ fa fa-user
+ green
+
+
+ linkWidget
+
+ profile-widget-action
+
+ /self/profile/user
+
+
+
+
+ credentialsWidget
+
+
+ PageSelfDashboard.credentials.description
+ col-md-3
+
+ fa fa-shield-alt
+ blue
+
+
+ linkWidget
+
+ credentials-widget-action
+
+ /self/credentials
+
+
+
+
+ listResourcesWidget
+
+
+ col-md-3
+
+ fa fa-database
+ purple
+
+
+ linkWidget
+
+ list-resources-widget-action
+
+ /admin/resources
+
+
+
+
+ listUsersWidget
+
+
+ col-md-3
+
+ fa fa-user
+ red
+
+
+ linkWidget
+
+ list-resources-widget-action
+
+ /admin/users
+
+
+
+
my-cases
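Review bot: The removed dashboard links each carried authorization URIs (`authorization-ui-3#users`, `#resources`, `#selfProfile`, `#selfCredentials`, `#selfAll`), while none of the added widgets shows one. From this hunk alone, the `/admin/users` and `/admin/resources` widgets therefore appear to be offered to every user who sees the dashboard; the element tags are not visible in this rendering, so this is inferred from the values only. Page-level authorization presumably still guards the target pages, but if the widget schema supports a visibility or authorization setting it should be restored for `listUsersWidget` and `listResourcesWidget`, or a comment should say the omission is intended. Separately, the action under `listUsersWidget` reuses the identifier `list-resources-widget-action`, which looks like a copy-paste slip; `list-users-widget-action` would match the naming of the other widgets.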
@@ -432,7 +649,7 @@
- fa fa-pie-chart
+ fa fa-chart-pie
green
@@ -771,12 +988,431 @@
+
+
+ rw-type-basic
+
+ basic
+
+
+
+ -
+ schemaHandling/objectType/displayName
+ visible
+
+ -
+ schemaHandling/objectType/description
+ visible
+
+ -
+ schemaHandling/objectType/kind
+ visible
+
+ -
+ schemaHandling/objectType/intent
+ visible
+
+ -
+ schemaHandling/objectType/securityPolicyRef
+ visible
+
+ -
+ schemaHandling/objectType/default
+ visible
+
+
+
+ hidden
+ schemaHandling/objectType
+
+ rw-type-basic
+
+
+ rw-type-delineation
+
+ delineation
+
+
+
+ -
+ schemaHandling/objectType/delineation/objectClass
+ visible
+
+ -
+ schemaHandling/objectType/delineation/auxiliaryObjectClass
+ visible
+
+ -
+ schemaHandling/objectType/delineation/searchHierarchyScope
+ visible
+
+ -
+ schemaHandling/objectType/delineation/filter
+ visible
+
+ -
+ schemaHandling/objectType/delineation/classificationCondition
+ visible
+
+
+
+ hidden
+ schemaHandling/objectType/delineation
+
+ rw-type-delineation
+
+
+ rw-attribute-limitations
+
+ limitationsMapping
+
+
+
+ -
+ schemaHandling/objectType/attribute/limitations/access/read
+ visible
+
+ -
+ schemaHandling/objectType/attribute/limitations/access/add
+ visible
+
+ -
+ schemaHandling/objectType/attribute/limitations/access/modify
+ visible
+
+ -
+ schemaHandling/objectType/attribute/limitations/minOccurs
+ visible
+
+ -
+ schemaHandling/objectType/attribute/limitations/maxOccurs
+ visible
+
+ -
+ schemaHandling/objectType/attribute/limitations/processing
+ visible
+
+
+
+ hidden
+ schemaHandling/objectType/attribute/limitations
+
+ rw-attribute-limitations
+
+
+ rw-synchronization-reaction-main
+
+ reactionMainSetting
+
+
+
+ -
+ schemaHandling/objectType/synchronization/reaction/name
+ visible
+
+ -
+ schemaHandling/objectType/synchronization/reaction/description
+ visible
+
+ -
+ schemaHandling/objectType/synchronization/reaction/situation
+ visible
+
+
+
+ hidden
+ schemaHandling/objectType/synchronization/reaction
+
+ rw-synchronization-reaction-main
+
+
+ rw-synchronization-reaction-optional
+
+ reactionOptionalSetting
+
+
+
+ -
+ schemaHandling/objectType/synchronization/reaction/condition
+ visible
+
+ -
+ schemaHandling/objectType/synchronization/reaction/channel
+ visible
+
+ -
+ schemaHandling/objectType/synchronization/reaction/order
+ visible
+
+
+
+ hidden
+ schemaHandling/objectType/synchronization/reaction
+
+ rw-synchronization-reaction-optional
+
+
+ rw-attribute
+
+ mainConfigurationAttribute
+
+
+
+ -
+ schemaHandling/objectType/attribute/ref
+ visible
+
+ -
+ schemaHandling/objectType/attribute/displayName
+ visible
+
+ -
+ schemaHandling/objectType/attribute/help
+ visible
+
+ -
+ schemaHandling/objectType/attribute/description
+ visible
+
+ -
+ schemaHandling/objectType/attribute/tolerant
+ visible
+
+ -
+ schemaHandling/objectType/attribute/exclusiveStrong
+ visible
+
+ -
+ schemaHandling/objectType/attribute/readReplaceMode
+ visible
+
+ -
+ schemaHandling/objectType/attribute/fetchStrategy
+ visible
+
+ -
+ schemaHandling/objectType/attribute/matchingRule
+ visible
+
+
+
+ hidden
+ schemaHandling/objectType/attribute
+
+ rw-attribute
+
+
+ rw-association
+
+ association
+
+
+
+ -
+ schemaHandling/objectType/association/ref
+ visible
+
+ -
+ schemaHandling/objectType/association/displayName
+ visible
+
+ -
+ schemaHandling/objectType/association/description
+ visible
+
+ -
+ schemaHandling/objectType/association/auxiliaryObjectClass
+ visible
+
+ -
+ schemaHandling/objectType/association/kind
+ visible
+
+ -
+ schemaHandling/objectType/association/intent
+ visible
+
+ -
+ schemaHandling/objectType/association/direction
+ visible
+
+ -
+ schemaHandling/objectType/association/associationAttribute
+ visible
+
+ -
+ schemaHandling/objectType/association/shortcutAssociationAttribute
+ visible
+
+ -
+ schemaHandling/objectType/association/valueAttribute
+ visible
+
+ -
+ schemaHandling/objectType/association/shortcutValueAttribute
+ visible
+
+ -
+ schemaHandling/objectType/association/explicitReferentialIntegrity
+ visible
+
+
+
+ hidden
+ schemaHandling/objectType/association
+
+ rw-association
+
+
+
+
+ rw-connectorConfiguration-partial
+
+ required
+
+
+
+ -
+ connectorConfiguration/configurationProperties/jdbcUrlTemplate
+
+ -
+ connectorConfiguration/configurationProperties/jdbcDriver
+
+ -
+ connectorConfiguration/configurationProperties/password
+
+ -
+ connectorConfiguration/configurationProperties/user
+
+ -
+ connectorConfiguration/configurationProperties/port
+
+
+
+ hidden
+ connectorConfiguration/configurationProperties
+
+ rw-connectorConfiguration-partial
+
+
+ run
+
+
+
+ connectorType
+ org.identityconnectors.databasetable.DatabaseTableConnector
+
+
+ available
+ true
+
+
+
+
+
+
+
+ rw-connectorConfiguration-partial
+
+ required
+
+
+
+ -
+ connectorConfiguration/configurationProperties/host
+
+ -
+ connectorConfiguration/configurationProperties/port
+
+ -
+ connectorConfiguration/configurationProperties/connectionSecurity
+
+
+
+ hidden
+ connectorConfiguration/configurationProperties
+
+ rw-connectorConfiguration-partial
+
+
+ run
+
+
+
+ connectorType
+ com.evolveum.polygon.connector.ldap.LdapConnector
+
+
+ available
+ true
+
+
+
+
+
+
+
+ rw-connectorConfiguration-partial
+
+ required
+
+
+
+ -
+ connectorConfiguration/configurationProperties/host
+
+ -
+ connectorConfiguration/configurationProperties/port
+
+ -
+ connectorConfiguration/configurationProperties/connectionSecurity
+
+
+
+ hidden
+ connectorConfiguration/configurationProperties
+
+ rw-connectorConfiguration-partial
+
+
+ run
+
+
+
+ connectorType
+ com.evolveum.polygon.connector.ldap.ad.AdLdapConnector
+
+
+ available
+ true
+
+
+
+
+
true
admin-dashboard
+
+
+
+ allRoles
+ true
+ allRoles
+
+
+ allOrgs
+ allOrgs
+
+
+ allServices
+ allServices
+
+
+
never
@@ -942,7 +1578,7 @@
allow
- org.apache.commons.lang.StringUtils
+ org.apache.commons.lang3.StringUtils
Apache Commons: Strings
allow
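Review bot: Swapping the allow-listed class from `org.apache.commons.lang.StringUtils` to `org.apache.commons.lang3.StringUtils` removes the old name from the permitted set rather than adding the new one beside it. Any script evaluated under this profile that still imports the `lang` package would be rejected if the profile's default decision is deny, which is not visible in this hunk. The scripts shipped with the demo should be checked for the old import. A comment next to the entry, such as `<!-- lang3 replaces org.apache.commons.lang here; scripts must import the lang3 class -->`, would record the reason for the change.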
diff --git a/demo/shibboleth/docker-compose-tests.yml b/demo/shibboleth/docker-compose-tests.yml
index 64dcbe2..b51d7bc 100644
--- a/demo/shibboleth/docker-compose-tests.yml
+++ b/demo/shibboleth/docker-compose-tests.yml
@@ -5,7 +5,7 @@ version: "3.3"
services:
data_init:
- image: i2incommon/midpoint:${tag:-4.5}
+ image: i2incommon/midpoint:${tag:-4.6}
command: >
bash -c "
chmod 777 /opt/mp-pw/ ;
@@ -61,7 +61,7 @@ services:
build:
context: ./midpoint_server/
args:
- tag: ${tag:-4.5}
+ tag: ${tag:-4.6}
command: /usr/local/bin/startup.sh
depends_on:
- data_init
diff --git a/demo/shibboleth/docker-compose.yml b/demo/shibboleth/docker-compose.yml
index adfba65..64b9c2a 100644
--- a/demo/shibboleth/docker-compose.yml
+++ b/demo/shibboleth/docker-compose.yml
@@ -2,7 +2,7 @@ version: "3.3"
services:
data_init:
- image: i2incommon/midpoint:${tag:-4.5}
+ image: i2incommon/midpoint:${tag:-4.6}
command: >
bash -c "
chmod 777 /opt/mp-pw/ ;
@@ -58,7 +58,7 @@ services:
build:
context: ./midpoint_server/
args:
- tag: ${tag:-4.5}
+ tag: ${tag:-4.6}
command: /usr/local/bin/startup.sh
depends_on:
- data_init
diff --git a/demo/shibboleth/midpoint_server/Dockerfile b/demo/shibboleth/midpoint_server/Dockerfile
index 56d6f3a..e789c61 100644
--- a/demo/shibboleth/midpoint_server/Dockerfile
+++ b/demo/shibboleth/midpoint_server/Dockerfile
@@ -1,4 +1,4 @@
-ARG tag=4.5
+ARG tag=4.6
FROM i2incommon/midpoint:${tag}
diff --git a/demo/shibboleth/midpoint_server/container_files/mp-home/post-initial-objects/securityPolicy/SecurityPolicy.xml b/demo/shibboleth/midpoint_server/container_files/mp-home/post-initial-objects/securityPolicy/SecurityPolicy.xml
index 321d03b..87cd75d 100644
--- a/demo/shibboleth/midpoint_server/container_files/mp-home/post-initial-objects/securityPolicy/SecurityPolicy.xml
+++ b/demo/shibboleth/midpoint_server/container_files/mp-home/post-initial-objects/securityPolicy/SecurityPolicy.xml
@@ -7,11 +7,11 @@
- internalLoginForm
+ loginForm
Internal username/password authentication, default user password, login form
- internalBasic
+ httpBasic
Internal username/password authentication, using HTTP basic auth
@@ -85,53 +85,53 @@
admin-gui-default
+ Default gui sequence
Special GUI authentication sequence that is using Shibboleth SP
- http://midpoint.evolveum.com/xml/ns/public/common/channels-3#user
true
+ http://midpoint.evolveum.com/xml/ns/public/common/channels-3#user
shib
httpHeader
- 30
+ 1
sufficient
- rest
+ rest-default
Authentication sequence for REST service.
- http://midpoint.evolveum.com/xml/ns/public/common/channels-3#rest
true
+ http://midpoint.evolveum.com/xml/ns/public/common/channels-3#rest
rest-default
- internalBasic
- 10
+ httpBasic
+ 1
sufficient
- actuator
+ actuator-default
Authentication sequence for actuator.
- http://midpoint.evolveum.com/xml/ns/public/common/channels-3#actuator
true
+ http://midpoint.evolveum.com/xml/ns/public/common/channels-3#actuator
actuator-default
- internalBasic
- 10
+ httpBasic
+ 1
sufficient
- /actuator
/actuator/health
@@ -140,10 +140,8 @@
3
PT3M
PT15M
-
-
+
-
diff --git a/demo/simple/docker-compose.yml b/demo/simple/docker-compose.yml
index 06a3735..f57dd15 100644
--- a/demo/simple/docker-compose.yml
+++ b/demo/simple/docker-compose.yml
@@ -2,7 +2,7 @@ version: "3.3"
services:
data_init:
- image: i2incommon/midpoint:${tag:-4.5}
+ image: i2incommon/midpoint:${tag:-4.6}
command: >
bash -c "
chmod 777 /opt/mp-pw/ ;
@@ -57,7 +57,7 @@ services:
- mp_pw:/opt/mp-pw
midpoint_server:
- image: i2incommon/midpoint:${tag:-4.5}
+ image: i2incommon/midpoint:${tag:-4.6}
depends_on:
- data_init
- midpoint_data
diff --git a/download-midpoint.sh b/download-midpoint.sh
index 48e31f9..abbd545 100755
--- a/download-midpoint.sh
+++ b/download-midpoint.sh
@@ -10,7 +10,7 @@ else
# But if we need to incorporate interim changes to I2 distribution during
# midPoint development cycle, we can specify concrete file from "midpoint-tier"
# download directory by using its name (like "latest-stable").
- MP_VERSION="4.5"
+ MP_VERSION="4.6"
else
MP_VERSION=$tag
fi