diff --git a/common.bash b/common.bash
index dd48020..29c9848 100644
--- a/common.bash
+++ b/common.bash
@@ -1,3 +1,3 @@
maintainer="i2incommon"
imagename="midpoint"
-tag="4.7.2"
+tag="4.8"
diff --git a/demo/grouper/docker-compose.yml b/demo/grouper/docker-compose.yml
index 8a5ff2b..52f2478 100644
--- a/demo/grouper/docker-compose.yml
+++ b/demo/grouper/docker-compose.yml
@@ -173,7 +173,7 @@ services:
- CREATE_NEW_DATABASE=if_needed
data_init:
- image: i2incommon/midpoint:${tag:-4.7.2}
+ image: i2incommon/midpoint:${tag:-4.8}
command: >
bash -c "
chmod 777 /opt/mp-pw/ ;
@@ -229,7 +229,7 @@ services:
build:
context: ./midpoint_server/
args:
- tag: ${tag:-4.7.2}
+ tag: ${tag:-4.8}
depends_on:
- data_init
- midpoint_data
diff --git a/demo/grouper/midpoint_server/Dockerfile b/demo/grouper/midpoint_server/Dockerfile
index 0e8d4f0..d1ef481 100644
--- a/demo/grouper/midpoint_server/Dockerfile
+++ b/demo/grouper/midpoint_server/Dockerfile
@@ -1,4 +1,4 @@
-ARG tag=4.7.2
+ARG tag=4.8
FROM i2incommon/midpoint:${tag}
diff --git a/demo/grouper/midpoint_server/container_files/mp-home/post-initial-objects/archetypes/300-archetype-affiliation.xml b/demo/grouper/midpoint_server/container_files/mp-home/post-initial-objects/archetypes/300-archetype-affiliation.xml
index 2461c94..b0b9400 100644
--- a/demo/grouper/midpoint_server/container_files/mp-home/post-initial-objects/archetypes/300-archetype-affiliation.xml
+++ b/demo/grouper/midpoint_server/container_files/mp-home/post-initial-objects/archetypes/300-archetype-affiliation.xml
@@ -49,24 +49,4 @@
-
-
-
diff --git a/demo/grouper/midpoint_server/container_files/mp-home/post-initial-objects/archetypes/300-archetype-external-person.xml b/demo/grouper/midpoint_server/container_files/mp-home/post-initial-objects/archetypes/300-archetype-external-person.xml
index c249f6b..5132def 100644
--- a/demo/grouper/midpoint_server/container_files/mp-home/post-initial-objects/archetypes/300-archetype-external-person.xml
+++ b/demo/grouper/midpoint_server/container_files/mp-home/post-initial-objects/archetypes/300-archetype-external-person.xml
@@ -6,6 +6,11 @@
xmlns:org='http://midpoint.evolveum.com/xml/ns/public/common/org-3'>
External
Non-academic person with no relation to the academy environment
+
+
+ UserType
+
+
@@ -17,9 +22,4 @@
-
-
- UserType
-
-
diff --git a/demo/grouper/midpoint_server/container_files/mp-home/post-initial-objects/archetypes/300-archetype-sis-person.xml b/demo/grouper/midpoint_server/container_files/mp-home/post-initial-objects/archetypes/300-archetype-sis-person.xml
index b4c8a42..de940bc 100644
--- a/demo/grouper/midpoint_server/container_files/mp-home/post-initial-objects/archetypes/300-archetype-sis-person.xml
+++ b/demo/grouper/midpoint_server/container_files/mp-home/post-initial-objects/archetypes/300-archetype-sis-person.xml
@@ -6,6 +6,11 @@
xmlns:org='http://midpoint.evolveum.com/xml/ns/public/common/org-3'>
SIS Person
Person with a relation to the academy environment, coming from the SIS database
+
+
+ UserType
+
+
@@ -17,9 +22,4 @@
-
-
- UserType
-
-
diff --git a/demo/grouper/midpoint_server/container_files/mp-home/post-initial-objects/objectTemplates/100-template-user.xml b/demo/grouper/midpoint_server/container_files/mp-home/post-initial-objects/objectTemplates/100-template-user.xml
index 8d8c362..4873611 100644
--- a/demo/grouper/midpoint_server/container_files/mp-home/post-initial-objects/objectTemplates/100-template-user.xml
+++ b/demo/grouper/midpoint_server/container_files/mp-home/post-initial-objects/objectTemplates/100-template-user.xml
@@ -82,7 +82,7 @@
diff --git a/demo/grouper/midpoint_server/container_files/mp-home/post-initial-objects/orgs/400-org-grouper-sysadmin.xml b/demo/grouper/midpoint_server/container_files/mp-home/post-initial-objects/orgs/400-org-grouper-sysadmin.xml
index 201777a..d2c4d98 100644
--- a/demo/grouper/midpoint_server/container_files/mp-home/post-initial-objects/orgs/400-org-grouper-sysadmin.xml
+++ b/demo/grouper/midpoint_server/container_files/mp-home/post-initial-objects/orgs/400-org-grouper-sysadmin.xml
@@ -8,9 +8,11 @@
org-grouper-sysadmin
- Grouper Administrators
+
+
+ Grouper Administrators
sysadmingroup
diff --git a/demo/grouper/midpoint_server/container_files/mp-home/post-initial-objects/resources/100-ldap-main.xml b/demo/grouper/midpoint_server/container_files/mp-home/post-initial-objects/resources/100-ldap-main.xml
index c768c90..57bedbe 100644
--- a/demo/grouper/midpoint_server/container_files/mp-home/post-initial-objects/resources/100-ldap-main.xml
+++ b/demo/grouper/midpoint_server/container_files/mp-home/post-initial-objects/resources/100-ldap-main.xml
@@ -168,7 +168,7 @@
strong
- employeeNumber
+ personalNumber
diff --git a/demo/grouper/midpoint_server/container_files/mp-home/post-initial-objects/securityPolicy/000-security-policy.xml b/demo/grouper/midpoint_server/container_files/mp-home/post-initial-objects/securityPolicy/000-security-policy.xml
index 58aeb9b..74587bf 100644
--- a/demo/grouper/midpoint_server/container_files/mp-home/post-initial-objects/securityPolicy/000-security-policy.xml
+++ b/demo/grouper/midpoint_server/container_files/mp-home/post-initial-objects/securityPolicy/000-security-policy.xml
@@ -1,8 +1,5 @@
-
-
+
Default Security Policy
@@ -69,7 +66,7 @@
- internalLoginForm
+ internalLoginForm
30
sufficient
@@ -111,6 +108,4 @@
-
-
-
+
\ No newline at end of file
diff --git a/demo/grouper/midpoint_server/container_files/mp-home/post-initial-objects/systemConfigurations/010-system-configuration.xml b/demo/grouper/midpoint_server/container_files/mp-home/post-initial-objects/systemConfigurations/010-system-configuration.xml
index 2ecd04e..52c86d3 100644
--- a/demo/grouper/midpoint_server/container_files/mp-home/post-initial-objects/systemConfigurations/010-system-configuration.xml
+++ b/demo/grouper/midpoint_server/container_files/mp-home/post-initial-objects/systemConfigurations/010-system-configuration.xml
@@ -6,16 +6,16 @@
~ and European Union Public License. See LICENSE file for details.
-->
+ xmlns="http://midpoint.evolveum.com/xml/ns/public/common/common-3"
+ xmlns:c="http://midpoint.evolveum.com/xml/ns/public/common/common-3"
+ xmlns:mext="http://midpoint.evolveum.com/xml/ns/public/model/extension-3"
+ xmlns:org="http://midpoint.evolveum.com/xml/ns/public/common/org-3"
+ xmlns:t="http://prism.evolveum.com/xml/ns/public/types-3"
+ xmlns:icfs="http://midpoint.evolveum.com/xml/ns/public/connector/icf-1/resource-schema-3"
+ xmlns:apti="http://midpoint.evolveum.com/xml/ns/public/common/api-types-3"
+ xmlns:q="http://prism.evolveum.com/xml/ns/public/query-3"
+ xmlns:ri="http://midpoint.evolveum.com/xml/ns/public/resource/instance-3"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
SystemConfiguration
true
@@ -27,12 +27,12 @@
ERROR
ro.isdc.wro.extensions.processor.css.Less4jProcessor
-
+
OFF
org.springframework.security.web.DefaultSecurityFilterChain
-
+
OFF
@@ -42,40 +42,40 @@
Otherwise the log is filled-in with (innocent but ugly-looking) messages like
"ERROR (o.h.engine.jdbc.batch.internal.BatchingBatch): HHH000315: Exception executing batch [Deadlock detected.
The current transaction was rolled back." -->
-
+
OFF
org.hibernate.engine.jdbc.batch.internal.BatchingBatch
-
+
WARN
org.hibernate.engine.jdbc.batch.internal.AbstractBatchImpl
-
+
OFF
org.hibernate.internal.ExceptionMapperStandardImpl
-
+
WARN
org.apache.wicket.resource.PropertiesFactory
-
+
ERROR
org.springframework.context.support.ResourceBundleMessageSource
-
+
INFO
com.evolveum.midpoint.model.impl.lens.projector.Projector
-
+
INFO
com.evolveum.midpoint.model.impl.lens.Clockwork
@@ -85,9 +85,10 @@
com.evolveum.polygon.connector.grouper
-
%date [%X{subsystem}] [%thread] %level \(%logger\): %msg%n
+ MIDPOINT_LOG
${midpoint.home}/log/midpoint.log
${midpoint.home}/log/midpoint-%d{yyyy-MM-dd}.%i.log
10
@@ -95,9 +96,10 @@
true
-
%date %level: %msg%n
+ MIDPOINT_PROFILE_LOG
${midpoint.home}/log/midpoint-profile.log
${midpoint.home}/log/midpoint-profile-%d{yyyy-MM-dd}.%i.log
10
@@ -182,7 +184,7 @@
-
+
performance
Performance tracing
true
@@ -191,7 +193,7 @@
true
true
-
+
functional
Functional tracing
true
@@ -199,11 +201,11 @@
true
true
true
-
+
normal
-
+
functional-model-logging
Functional tracing (with model logging)
true
@@ -212,16 +214,16 @@
true
true
-
+
com.evolveum.midpoint.model
TRACE
-
+
normal
-
+
functional-sql-logging
Functional tracing (with SQL logging)
true
@@ -230,12 +232,12 @@
true
true
-
+
org.hibernate.SQL
TRACE
-
+
normal
@@ -245,9 +247,12 @@
demo/grouper
-
+
UserType
-
+
+ search
+
+
myAccesses
10
-
+
viewAll
-
+
requestAccess
-
+
myRequests
20
-
+
viewAll
-
+
myWorkItems
40
-
+
viewAll
-
+
myAccounts
30
-
+
viewAll
-
+
profileWidget
linkWidget
-
+
profile-widget-action
/self/profile/user
-
+
credentialsWidget
linkWidget
-
+
credentials-widget-action
/self/credentials
-
- listResourcesWidget
+
+ listResourcesWidget
linkWidget
-
+
list-resources-widget-action
-
+
/admin/resources
-
+
listUsersWidget
linkWidget
-
+
list-resources-widget-action
/admin/users
@@ -499,7 +504,7 @@
-
+
my-cases
@@ -522,7 +527,7 @@
-
+
manual-case-view
@@ -543,7 +548,7 @@
-
+
operation-request-case-view
@@ -564,7 +569,7 @@
-
+
approval-case-view
@@ -585,7 +590,7 @@
-
+
correlation-case-view
@@ -605,7 +610,7 @@
-
+
reconciliation-tasks-view
30
TaskType
@@ -613,7 +618,7 @@
-
+
recomputation-tasks-view
30
TaskType
@@ -621,7 +626,7 @@
-
+
import-tasks-view
30
TaskType
@@ -629,7 +634,7 @@
-
+
live-sync-tasks-view
30
TaskType
@@ -637,7 +642,7 @@
-
+
async-update-tasks-view
30
TaskType
@@ -645,7 +650,7 @@
-
+
cleanup-tasks-view
30
TaskType
@@ -653,7 +658,7 @@
-
+
report-tasks-view
@@ -675,7 +680,7 @@
-
+
non-iterative-bulk-tasks-view
30
TaskType
@@ -683,7 +688,7 @@
-
+
iterative-bulk-tasks-view
30
TaskType
@@ -691,7 +696,7 @@
-
+
report-import-task-view
30
add
@@ -700,7 +705,7 @@
-
+
export-report-tasks-view
add
30
@@ -711,7 +716,7 @@
-
+
export-report-distributed-tasks-view
add
30
@@ -722,7 +727,7 @@
-
+
shadow-integrity-check-task-view
30
add
@@ -731,7 +736,7 @@
-
+
shadows-refresh-task-view
30
add
@@ -740,7 +745,7 @@
-
+
objects-delete-task-view
30
add
@@ -749,7 +754,7 @@
-
+
shadows-delete-long-time-not-updated-task-view
30
add
@@ -758,7 +763,7 @@
-
+
execute-change-task-view
30
add
@@ -767,7 +772,7 @@
-
+
execute-deltas-task-view
30
add
@@ -776,7 +781,7 @@
-
+
reindex-repository-task-view
30
add
@@ -785,7 +790,7 @@
-
+
object-integrity-check-task-view
30
add
@@ -794,7 +799,7 @@
-
+
validity-task-view
30
add
@@ -803,7 +808,7 @@
-
+
trigger-task-view
30
add
@@ -812,7 +817,7 @@
-
+
propagation-task-view
30
add
@@ -821,7 +826,7 @@
-
+
multi-propagation-task-view
30
add
@@ -830,7 +835,7 @@
-
+
certification-tasks-view
30
TaskType
@@ -838,7 +843,7 @@
-
+
approval-tasks-view
30
TaskType
@@ -846,7 +851,7 @@
-
+
utility-tasks-view
30
TaskType
@@ -854,7 +859,7 @@
-
+
system-tasks-view
30
TaskType
@@ -862,21 +867,21 @@
-
+
dashboard-reports-view
ReportType
-
+
collection-reports-view
ReportType
-
+
application-role
add
RoleType
@@ -884,7 +889,7 @@
-
+
business-role
add
RoleType
@@ -892,7 +897,7 @@
-
+
application
@@ -902,7 +907,7 @@
-
+
event-mark
c:MarkType
@@ -911,7 +916,7 @@
-
+
object-mark
c:MarkType
@@ -920,141 +925,235 @@
+
+ Persons
+ This view displays all users with archetype "Person"
+ person-view
+ 10
+ UserType
+
+
+
+
+
+
+
+
+ Allow searching for users having account on specific resource. Intent is not considered. The search item is not displayed by default
+ (visibleByDefault=false).
+
+ true
+
+
+ linkRef/@ matches (
+ . type ShadowType
+ and resourceRef/@/name = `resourceParameter?.getName()?.getOrig()`
+ and kind = "account" )
+
+
+
+
+
+
+ resourceParameter
+ c:ObjectReferenceType
+ ResourceType
+
+
+
+ Allow searching for users not having account on specific resource. Intent is not considered. The search item is not displayed by default
+ (visibleByDefault=false).
+
+ true
+
+
+ linkRef/@ not matches (
+ . type ShadowType
+ and resourceRef/@/name = `resourceParameter?.getName()?.getOrig()`
+ and kind = "account" )
+
+
+
+
+
+
+ resourceParameter
+ c:ObjectReferenceType
+ ResourceType
+
+
+
+
+
+
+ resource-templates
+
+
+
+ All resource templates
+
+ ResourceType.template.all.title
+
+
+ Resource template
+
+ fa fa-file-alt
+
+
+ ResourceType
+
+
+
+
+
-
+
c:TaskType
-
+
advanced-options-panel
-
+
formPanel
-
+
advanced-options
150
- -
+
-
cleanupAfterCompletion
- -
+
-
threadStopAction
- -
+
-
binding
- -
+
-
dependent
-
+
operational-attributes-panel
-
+
formPanel
-
+
operational-attributes
900
- -
+
-
executionState
- -
+
-
schedulingState
- -
+
-
node
- -
+
-
nodeAsObserved
- -
+
-
resultStatus
- -
+
-
result
- -
+
-
nextRunStartTimestamp
- -
+
-
nextRetryTimestamp
- -
+
-
unpauseAction
- -
+
-
taskIdentifier
- -
+
-
parent
- -
+
-
waitingReason
- -
+
-
stateBeforeSuspend
- -
+
-
schedulingStateBeforeSuspend
- -
- category
-
- -
+
-
otherHandlersUriStack
- -
+
-
channel
- -
+
-
subtaskRef
- -
+
-
dependentTaskRef
- -
+
-
lastRunStartTimestamp
- -
+
-
lastRunFinishTimestamp
- -
+
-
completionTimestamp
-
+
910
hidden
operation-attributes-progress
- -
+
-
progress
- -
+
-
expectedTotal
- -
+
-
stalledSince
-
+
c:UserType
-
+
applications
+ modify
roleMemberships
applications
@@ -1072,313 +1171,313 @@
-
-
+
+
rw-type-basic
-
+
basic
- -
+
-
schemaHandling/objectType/displayName
visible
- -
+
-
schemaHandling/objectType/description
visible
- -
+
-
schemaHandling/objectType/kind
visible
- -
+
-
schemaHandling/objectType/intent
visible
- -
+
-
schemaHandling/objectType/securityPolicyRef
visible
- -
+
-
schemaHandling/objectType/default
visible
-
+
hidden
schemaHandling/objectType
rw-type-basic
-
+
rw-type-delineation
-
+
delineation
- -
+
-
schemaHandling/objectType/delineation/objectClass
visible
- -
+
-
schemaHandling/objectType/delineation/auxiliaryObjectClass
visible
- -
+
-
schemaHandling/objectType/delineation/searchHierarchyScope
visible
- -
+
-
schemaHandling/objectType/delineation/filter
visible
- -
+
-
schemaHandling/objectType/delineation/classificationCondition
visible
-
+
hidden
schemaHandling/objectType/delineation
rw-type-delineation
-
+
rw-attribute-limitations
-
+
limitationsMapping
- -
+
-
schemaHandling/objectType/attribute/limitations/access/read
visible
- -
+
-
schemaHandling/objectType/attribute/limitations/access/add
visible
- -
+
-
schemaHandling/objectType/attribute/limitations/access/modify
visible
- -
+
-
schemaHandling/objectType/attribute/limitations/minOccurs
visible
- -
+
-
schemaHandling/objectType/attribute/limitations/maxOccurs
visible
- -
+
-
schemaHandling/objectType/attribute/limitations/processing
visible
-
+
hidden
schemaHandling/objectType/attribute/limitations
rw-attribute-limitations
-
+
rw-synchronization-reaction-main
-
+
reactionMainSetting
- -
+
-
schemaHandling/objectType/synchronization/reaction/name
visible
- -
+
-
schemaHandling/objectType/synchronization/reaction/description
visible
- -
+
-
schemaHandling/objectType/synchronization/reaction/situation
visible
-
+
hidden
schemaHandling/objectType/synchronization/reaction
rw-synchronization-reaction-main
-
+
rw-synchronization-reaction-optional
-
+
reactionOptionalSetting
- -
+
-
schemaHandling/objectType/synchronization/reaction/condition
visible
- -
+
-
schemaHandling/objectType/synchronization/reaction/channel
visible
- -
+
-
schemaHandling/objectType/synchronization/reaction/order
visible
-
+
hidden
schemaHandling/objectType/synchronization/reaction
rw-synchronization-reaction-optional
-
+
rw-attribute
-
+
mainConfigurationAttribute
- -
+
-
schemaHandling/objectType/attribute/ref
visible
- -
+
-
schemaHandling/objectType/attribute/displayName
visible
- -
+
-
schemaHandling/objectType/attribute/help
visible
- -
+
-
schemaHandling/objectType/attribute/description
visible
- -
+
-
schemaHandling/objectType/attribute/tolerant
visible
- -
+
-
schemaHandling/objectType/attribute/exclusiveStrong
visible
- -
+
-
schemaHandling/objectType/attribute/readReplaceMode
visible
- -
+
-
schemaHandling/objectType/attribute/fetchStrategy
visible
- -
+
-
schemaHandling/objectType/attribute/matchingRule
visible
-
+
hidden
schemaHandling/objectType/attribute
rw-attribute
-
+
rw-association
-
+
association
- -
+
-
schemaHandling/objectType/association/ref
visible
- -
+
-
schemaHandling/objectType/association/displayName
visible
- -
+
-
schemaHandling/objectType/association/description
visible
- -
+
-
schemaHandling/objectType/association/auxiliaryObjectClass
visible
- -
+
-
schemaHandling/objectType/association/kind
visible
- -
+
-
schemaHandling/objectType/association/intent
visible
- -
+
-
schemaHandling/objectType/association/direction
visible
- -
+
-
schemaHandling/objectType/association/associationAttribute
visible
- -
+
-
schemaHandling/objectType/association/shortcutAssociationAttribute
visible
- -
+
-
schemaHandling/objectType/association/valueAttribute
visible
- -
+
-
schemaHandling/objectType/association/shortcutValueAttribute
visible
- -
+
-
schemaHandling/objectType/association/explicitReferentialIntegrity
visible
-
+
hidden
schemaHandling/objectType/association
rw-association
-
-
+
+
rw-connectorConfiguration-partial
-
+
required
- -
+
-
connectorConfiguration/configurationProperties/jdbcUrlTemplate
- -
+
-
connectorConfiguration/configurationProperties/jdbcDriver
- -
+
-
connectorConfiguration/configurationProperties/password
- -
+
-
connectorConfiguration/configurationProperties/user
- -
+
-
connectorConfiguration/configurationProperties/port
- -
+
-
connectorConfiguration/configurationProperties/host
- -
+
-
connectorConfiguration/configurationProperties/database
-
+
hidden
connectorConfiguration/configurationProperties
@@ -1400,33 +1499,33 @@
-
-
+
+
rw-connectorConfiguration-partial
-
+
required
- -
+
-
connectorConfiguration/configurationProperties/host
- -
+
-
connectorConfiguration/configurationProperties/port
- -
+
-
connectorConfiguration/configurationProperties/connectionSecurity
- -
+
-
connectorConfiguration/configurationProperties/bindDn
visible
- -
+
-
connectorConfiguration/configurationProperties/bindPassword
visible
-
+
hidden
connectorConfiguration/configurationProperties
@@ -1448,33 +1547,33 @@
-
-
+
+
rw-connectorConfiguration-partial
-
+
required
- -
+
-
connectorConfiguration/configurationProperties/host
- -
+
-
connectorConfiguration/configurationProperties/port
- -
+
-
connectorConfiguration/configurationProperties/connectionSecurity
- -
+
-
connectorConfiguration/configurationProperties/bindDn
visible
- -
+
-
connectorConfiguration/configurationProperties/bindPassword
visible
-
+
hidden
connectorConfiguration/configurationProperties
@@ -1498,22 +1597,22 @@
true
-
+
admin-dashboard
-
+
allRoles
true
allRoles
-
+
allOrgs
allOrgs
-
+
allServices
allServices
@@ -1526,7 +1625,7 @@
-
+
safe
"Safe" expression profile. It is supposed to contain only operations that are "safe",
@@ -1537,26 +1636,26 @@
without any guarantees. Use at your own risk.
deny
-
+
asIs
allow
-
+
path
allow
-
+
value
allow
-
+
const
allow
-
+
script
deny
-
-
+
script-safe
deny
-
+
com.evolveum.midpoint.xml.ns._public.common.common_3
MidPoint common schema - generated bean classes
allow
-
+
com.evolveum.prism.xml.ns._public.types_3
Prism schema - bean classes
allow
-
+
java.lang.Integer
allow
-
+
java.lang.Object
Basic Java operations.
deny
-
+
equals
allow
-
+
hashCode
allow
-
+
java.lang.String
String operations are generally safe. But Groovy is adding execute() method which is very dangerous.
allow
-
+
execute
deny
-
+
java.lang.CharSequence
allow
-
+
java.lang.Enum
allow
-
+
java.util.List
List operations are generally safe. But Groovy is adding execute() method which is very dangerous.
allow
-
+
execute
deny
-
+
java.util.ArrayList
List operations are generally safe. But Groovy is adding execute() method which is very dangerous.
allow
-
+
execute
deny
-
+
java.util.Map
allow
-
+
java.util.HashMap
allow
-
+
java.util.Date
allow
-
+
javax.xml.namespace.QName
allow
-
+
javax.xml.datatype.XMLGregorianCalendar
allow
-
+
java.lang.System
Just a few methods of System are safe enough.
deny
-
+
currentTimeMillis
allow
-
+
java.lang.IllegalStateException
Basic Java exception. Also used in test.
allow
-
+
java.lang.IllegalArgumentException
Basic Java exception.
allow
-
+
com.evolveum.midpoint.model.common.expression.functions.BasicExpressionFunctions
MidPoint basic functions library
allow
-
+
com.evolveum.midpoint.model.common.expression.functions.LogExpressionFunctions
MidPoint logging functions library
allow
-
+
com.evolveum.midpoint.report.impl.ReportFunctions
MidPoint report functions library
allow
-
+
org.apache.commons.lang3.StringUtils
Apache Commons: Strings
allow
diff --git a/demo/shibboleth/docker-compose-tests.yml b/demo/shibboleth/docker-compose-tests.yml
index 1d38ec4..377a686 100644
--- a/demo/shibboleth/docker-compose-tests.yml
+++ b/demo/shibboleth/docker-compose-tests.yml
@@ -5,7 +5,7 @@ version: "3.3"
services:
data_init:
- image: i2incommon/midpoint:${tag:-4.7.2}
+ image: i2incommon/midpoint:${tag:-4.8}
command: >
bash -c "
chmod 777 /opt/mp-pw/ ;
@@ -61,7 +61,7 @@ services:
build:
context: ./midpoint_server/
args:
- tag: ${tag:-4.7.2}
+ tag: ${tag:-4.8}
command: /usr/local/bin/startup.sh
depends_on:
- data_init
diff --git a/demo/shibboleth/docker-compose.yml b/demo/shibboleth/docker-compose.yml
index 805e053..5f908dd 100644
--- a/demo/shibboleth/docker-compose.yml
+++ b/demo/shibboleth/docker-compose.yml
@@ -2,7 +2,7 @@ version: "3.3"
services:
data_init:
- image: i2incommon/midpoint:${tag:-4.7.2}
+ image: i2incommon/midpoint:${tag:-4.8}
command: >
bash -c "
chmod 777 /opt/mp-pw/ ;
@@ -58,7 +58,7 @@ services:
build:
context: ./midpoint_server/
args:
- tag: ${tag:-4.7.2}
+ tag: ${tag:-4.8}
command: /usr/local/bin/startup.sh
depends_on:
- data_init
diff --git a/demo/shibboleth/midpoint_server/Dockerfile b/demo/shibboleth/midpoint_server/Dockerfile
index 0e8d4f0..d1ef481 100644
--- a/demo/shibboleth/midpoint_server/Dockerfile
+++ b/demo/shibboleth/midpoint_server/Dockerfile
@@ -1,4 +1,4 @@
-ARG tag=4.7.2
+ARG tag=4.8
FROM i2incommon/midpoint:${tag}
diff --git a/demo/shibboleth/midpoint_server/container_files/mp-home/post-initial-objects/securityPolicy/SecurityPolicy.xml b/demo/shibboleth/midpoint_server/container_files/mp-home/post-initial-objects/securityPolicy/SecurityPolicy.xml
index bb86eb7..da3f8e7 100644
--- a/demo/shibboleth/midpoint_server/container_files/mp-home/post-initial-objects/securityPolicy/SecurityPolicy.xml
+++ b/demo/shibboleth/midpoint_server/container_files/mp-home/post-initial-objects/securityPolicy/SecurityPolicy.xml
@@ -1,7 +1,3 @@
-
-
Default Security Policy
@@ -12,6 +8,11 @@
httpBasic
+
+ httpHeader
+ REMOTE_USER
+ https://localhost:8443/Shibboleth.sso/Logout
+
mySamlSso
My internal enterprise SAML-based SSO system.
@@ -41,11 +42,6 @@
-
- httpHeader
- https://localhost:8443/Shibboleth.sso/Logout
- REMOTE_USER
-
admin-gui-saml-internal
@@ -64,7 +60,7 @@
- admin-gui-emergency
+ admin-gui-emergency
Special GUI authentication sequence that is using just the internal user password.
@@ -76,20 +72,20 @@
- internalLoginForm
+ internalLoginForm
30
sufficient
- admin-gui-default
+ admin-gui-default
Default gui sequence
Special GUI authentication sequence that is using Shibboleth SP
- true
http://midpoint.evolveum.com/xml/ns/public/common/channels-3#user
+ true
shib
@@ -101,8 +97,8 @@
rest-default
- true
http://midpoint.evolveum.com/xml/ns/public/common/channels-3#rest
+ true
rest-default
@@ -114,8 +110,8 @@
actuator-default
- true
http://midpoint.evolveum.com/xml/ns/public/common/channels-3#actuator
+ true
actuator-default
@@ -136,4 +132,3 @@
-
diff --git a/demo/simple/docker-compose.yml b/demo/simple/docker-compose.yml
index c62b7e1..83aeb19 100644
--- a/demo/simple/docker-compose.yml
+++ b/demo/simple/docker-compose.yml
@@ -2,7 +2,7 @@ version: "3.3"
services:
data_init:
- image: i2incommon/midpoint:${tag:-4.7.2}
+ image: i2incommon/midpoint:${tag:-4.8}
command: >
bash -c "
chmod 777 /opt/mp-pw/ ;
@@ -57,7 +57,7 @@ services:
- mp_pw:/opt/mp-pw
midpoint_server:
- image: i2incommon/midpoint:${tag:-4.7.2}
+ image: i2incommon/midpoint:${tag:-4.8}
depends_on:
- data_init
- midpoint_data
diff --git a/download-midpoint.sh b/download-midpoint.sh
index d171b59..7c35db6 100755
--- a/download-midpoint.sh
+++ b/download-midpoint.sh
@@ -10,7 +10,7 @@ else
# But if we need to incorporate interim changes to I2 distribution during
# midPoint development cycle, we can specify concrete file from "midpoint-tier"
# download directory by using its name (like "latest-stable").
- MP_VERSION="4.7.2"
+ MP_VERSION="4.8"
else
MP_VERSION=$tag
fi