From f6f86875d8a34a332bf6a2e43a0d8318c7052e68 Mon Sep 17 00:00:00 2001
From: Keith Hazelton <khazelton@gmail.com>
Date: Sat, 17 Jun 2023 13:54:32 -0500
Subject: [PATCH 001/126] Update f2f-midpoint.adoc
---
f2f-midpoint.adoc | 15 +++++++--------
1 file changed, 7 insertions(+), 8 deletions(-)
diff --git a/f2f-midpoint.adoc b/f2f-midpoint.adoc
index 98bfaa1..088c6a7 100644
--- a/f2f-midpoint.adoc
+++ b/f2f-midpoint.adoc
@@ -9,22 +9,21 @@
* Canvas
-* SaaS
+* Grafana/Loki
-* ...
-
-*- planned fixes and enhancements for existing integrations -*
+*
* ...
+
*- potential new integrations -*
-* ...
+* Box, git, AD, AAD
-*- gaps -*
+* Google handled by TSG, not federated
-* ...
+* Sympa
-*- other points to mention -*
+* AWS Ident Ctr: SCIM 2; Gietz: Inbound to mP SCIM overlay
* ...
From fd6a260c749877de9fc1d373aa2a12a6dbb45806 Mon Sep 17 00:00:00 2001
From: Keith Hazelton <khazelton@gmail.com>
Date: Mon, 19 Jun 2023 08:44:56 -0500
Subject: [PATCH 002/126] MBProMax
---
.DS_Store | Bin 10244 -> 10244 bytes
async-message-resources.adoc | 53 +++++++++++++----------------------
async-msg-resources.adoc | 31 ++++++++++++++++++++
id/.DS_Store | Bin 0 -> 6148 bytes
4 files changed, 50 insertions(+), 34 deletions(-)
create mode 100644 async-msg-resources.adoc
create mode 100644 id/.DS_Store
diff --git a/.DS_Store b/.DS_Store
index 786a6276637cb313d9e595c5c278ebaa74235cb5..f359683438a8bd55c4e6854128d2dff420038366 100644
GIT binary patch
delta 159
zcmZn(XbG6$&nUVvU^hRb=wu#&7M`T?;)0}{{3HejhHaB21PfKgs;ez^6ikh3brh-%
zjV(-d6wD1xYHK+;M3wcegW|Jua`W;#CT|p!7wZJ-VPQyP$YjW2NKGkD&PmG8&taV0
zB2X<07cL7f%FD^mO9v`t1Y#zj;*`k`1tll*2;OC6-26&Vkash?!Y`K1Uxk^O0RkK>
AMF0Q*
delta 49
zcmZn(XbG6$&nUPtU^hRb;A9?wmdV9}`IEVYUQK2f65Pxt%*ea3fQNB2yTUJ)&AejF
F%m9Rj4nqI{
diff --git a/async-message-resources.adoc b/async-message-resources.adoc
index 594705d..dbc43f6 100644
--- a/async-message-resources.adoc
+++ b/async-message-resources.adoc
@@ -1,46 +1,31 @@
+=== async-msg-resources.adoc
+
# Async Message Resources
#### The Protocol
-https://www.amqp.org/specification/0-9-1/amqp-org-download
- <= AMQP Protocol 0.9.1 +
-http://docs.oasis-open.org/amqp/core/v1.0/amqp-core-complete-v1.0.pdf
- <= AMQP Core Complete v1.0 (pdf) +
+https://www.amqp.org/specification/0-9-1/amqp-org-download\n <- AMQP Protocol 0.9.1 +
+http://docs.oasis-open.org/amqp/core/v1.0/amqp-core-complete-v1.0.pdf <- AMQP Core Complete v1.0 (pdf) +
#### Rabbit AMQP
-https://rabbitmq.com/reliability.html
- <= +
-https://rabbitmq.com/download.html
- <= download and install page +
-https://github.com/rabbitmq/rabbitmq-server
- <= +
-https://rabbitmq.com/documentation.html
- <= +
-https://rabbitmq.com/configure.html
- <= +
-https://rabbitmq.com/queues.html
- <= +
+https://rabbitmq.com/reliability.html\n <- +
+https://rabbitmq.com/download.html\n <- download and install page +
+https://github.com/rabbitmq/rabbitmq-server\n <- +
+https://rabbitmq.com/documentation.html\n <- +
+https://rabbitmq.com/configure.html\n <- +
+https://rabbitmq.com/queues.html\n <- +
#### Apache QPID
-https://qpid.apache.org/index.html
- <= +
-https://github.com/amqphub/quarkus-qpid-jms-quickstart
- <= +
+https://qpid.apache.org/index.html\n <- +
+https://github.com/amqphub/quarkus-qpid-jms-quickstart\n <- +
#### Intros and Tutorials
-https://ably.com/topic/intro-to-amqp-0-9-1
- <= AMQP 0.9.1 +
-https://ably.com/topic/intro-to-amqp-1-0
- <= AMQP 1.0 +
-https://jstobigdata.com/rabbitmq/complete-rabbitmq-tutorial-in-java/
- <= +
-https://spring.io/projects/spring-amqp
- <= +
+https://ably.com/topic/intro-to-amqp-0-9-1\n <- AMQP 0.9.1 +
+https://ably.com/topic/intro-to-amqp-1-0\n <- AMQP 1.0 +
+https://jstobigdata.com/rabbitmq/complete-rabbitmq-tutorial-in-java/\n <- +
+https://spring.io/projects/spring-amqp\n <- +
#### Challenges: Ordering of Event
-https://medium.com/baseds/ordering-distributed-events-29c1dd9d1eff
- <= +
-https://medium.com/baseds/logical-time-and-lamport-clocks-part-1-d0317e407112
- <= +
-https://medium.com/baseds/logical-time-and-lamport-clocks-part-2-272c097dcdda
- <= +
+https://medium.com/baseds/ordering-distributed-events-29c1dd9d1eff\n <- +
+https://medium.com/baseds/logical-time-and-lamport-clocks-part-1-d0317e407112 <- +
+https://medium.com/baseds/logical-time-and-lamport-clocks-part-2-272c097dcdda <- +
diff --git a/async-msg-resources.adoc b/async-msg-resources.adoc
new file mode 100644
index 0000000..dbc43f6
--- /dev/null
+++ b/async-msg-resources.adoc
@@ -0,0 +1,31 @@
+=== async-msg-resources.adoc
+
+# Async Message Resources
+
+#### The Protocol
+https://www.amqp.org/specification/0-9-1/amqp-org-download\n <- AMQP Protocol 0.9.1 +
+http://docs.oasis-open.org/amqp/core/v1.0/amqp-core-complete-v1.0.pdf <- AMQP Core Complete v1.0 (pdf) +
+
+#### Rabbit AMQP
+https://rabbitmq.com/reliability.html\n <- +
+https://rabbitmq.com/download.html\n <- download and install page +
+https://github.com/rabbitmq/rabbitmq-server\n <- +
+https://rabbitmq.com/documentation.html\n <- +
+https://rabbitmq.com/configure.html\n <- +
+https://rabbitmq.com/queues.html\n <- +
+
+#### Apache QPID
+https://qpid.apache.org/index.html\n <- +
+https://github.com/amqphub/quarkus-qpid-jms-quickstart\n <- +
+
+#### Intros and Tutorials
+
+https://ably.com/topic/intro-to-amqp-0-9-1\n <- AMQP 0.9.1 +
+https://ably.com/topic/intro-to-amqp-1-0\n <- AMQP 1.0 +
+https://jstobigdata.com/rabbitmq/complete-rabbitmq-tutorial-in-java/\n <- +
+https://spring.io/projects/spring-amqp\n <- +
+
+#### Challenges: Ordering of Event
+https://medium.com/baseds/ordering-distributed-events-29c1dd9d1eff\n <- +
+https://medium.com/baseds/logical-time-and-lamport-clocks-part-1-d0317e407112 <- +
+https://medium.com/baseds/logical-time-and-lamport-clocks-part-2-272c097dcdda <- +
diff --git a/id/.DS_Store b/id/.DS_Store
new file mode 100644
index 0000000000000000000000000000000000000000..6b56b0f31f1d30356fd73d6b4b0c9a294caab7f0
GIT binary patch
literal 6148
zcmeHKJFWsT477m)L_<lLD?CmRAt<Q10OHf3hs3AfigR%^#-9ST&_RR7k~4|pNt7wp
zYZ1}uW&0;G5|KXKP_8z#&GyY(*2#zh;W*<c|FV;_Otz<1_UnLg2eJU~4CVuWvtJ($
zd)uZ_0V+TRr~nn90v}W$i)(-Q!83Uj6`%sYp@4lK3f!<JHi7=>z~C(au!pc4=H5#H
ziv@r+u?a*3ra=V;RkOv=pd(%~uO>EuK^M*DL-S_M4n_TToL@X$v<7md0#x8xfo?2E
zR{!VlH~s%Ji7P5V1%65a?ah|6DV~(Iwe>iwwFSO{Th0w`hPhKPcsT}oImW`u@z|3h
auh<;>HL(eFI^s?T@@K$wp;3WvD{u!jcoioA
literal 0
HcmV?d00001
From 12c087f603241061e86cc227f0396144372210af Mon Sep 17 00:00:00 2001
From: Keith Hazelton <khazelton@gmail.com>
Date: Mon, 19 Jun 2023 08:47:48 -0500
Subject: [PATCH 003/126] MBProMax
---
async-message-resources.adoc | 31 -------------------------------
1 file changed, 31 deletions(-)
delete mode 100644 async-message-resources.adoc
diff --git a/async-message-resources.adoc b/async-message-resources.adoc
deleted file mode 100644
index dbc43f6..0000000
--- a/async-message-resources.adoc
+++ /dev/null
@@ -1,31 +0,0 @@
-=== async-msg-resources.adoc
-
-# Async Message Resources
-
-#### The Protocol
-https://www.amqp.org/specification/0-9-1/amqp-org-download\n <- AMQP Protocol 0.9.1 +
-http://docs.oasis-open.org/amqp/core/v1.0/amqp-core-complete-v1.0.pdf <- AMQP Core Complete v1.0 (pdf) +
-
-#### Rabbit AMQP
-https://rabbitmq.com/reliability.html\n <- +
-https://rabbitmq.com/download.html\n <- download and install page +
-https://github.com/rabbitmq/rabbitmq-server\n <- +
-https://rabbitmq.com/documentation.html\n <- +
-https://rabbitmq.com/configure.html\n <- +
-https://rabbitmq.com/queues.html\n <- +
-
-#### Apache QPID
-https://qpid.apache.org/index.html\n <- +
-https://github.com/amqphub/quarkus-qpid-jms-quickstart\n <- +
-
-#### Intros and Tutorials
-
-https://ably.com/topic/intro-to-amqp-0-9-1\n <- AMQP 0.9.1 +
-https://ably.com/topic/intro-to-amqp-1-0\n <- AMQP 1.0 +
-https://jstobigdata.com/rabbitmq/complete-rabbitmq-tutorial-in-java/\n <- +
-https://spring.io/projects/spring-amqp\n <- +
-
-#### Challenges: Ordering of Event
-https://medium.com/baseds/ordering-distributed-events-29c1dd9d1eff\n <- +
-https://medium.com/baseds/logical-time-and-lamport-clocks-part-1-d0317e407112 <- +
-https://medium.com/baseds/logical-time-and-lamport-clocks-part-2-272c097dcdda <- +
From 0f6c923176f31847853cddc08a54483bbce2ed9f Mon Sep 17 00:00:00 2001
From: Keith Hazelton <khazelton@gmail.com>
Date: Mon, 19 Jun 2023 11:27:52 -0500
Subject: [PATCH 004/126] MBProMax
---
.DS_Store | Bin 10244 -> 10244 bytes
async-msg-resources.adoc | 28 ++++++++++++++--------------
2 files changed, 14 insertions(+), 14 deletions(-)
diff --git a/.DS_Store b/.DS_Store
index f359683438a8bd55c4e6854128d2dff420038366..9d7a7ce118abcefb6e5ec0927fe93a8c26c005dd 100644
GIT binary patch
delta 16
XcmZn(XbITxRcJE1kl<!E;eR3kH|hoZ
delta 14
VcmZn(XbITxRfv&s^EV+rQ2;E?1wa4*
diff --git a/async-msg-resources.adoc b/async-msg-resources.adoc
index dbc43f6..b52a457 100644
--- a/async-msg-resources.adoc
+++ b/async-msg-resources.adoc
@@ -3,29 +3,29 @@
# Async Message Resources
#### The Protocol
-https://www.amqp.org/specification/0-9-1/amqp-org-download\n <- AMQP Protocol 0.9.1 +
+https://www.amqp.org/specification/0-9-1/amqp-org-download <- AMQP Protocol 0.9.1 +
http://docs.oasis-open.org/amqp/core/v1.0/amqp-core-complete-v1.0.pdf <- AMQP Core Complete v1.0 (pdf) +
#### Rabbit AMQP
-https://rabbitmq.com/reliability.html\n <- +
-https://rabbitmq.com/download.html\n <- download and install page +
-https://github.com/rabbitmq/rabbitmq-server\n <- +
-https://rabbitmq.com/documentation.html\n <- +
-https://rabbitmq.com/configure.html\n <- +
-https://rabbitmq.com/queues.html\n <- +
+https://rabbitmq.com/reliability.html <- +
+https://rabbitmq.com/download.html <- download and install page +
+https://github.com/rabbitmq/rabbitmq-server <- +
+https://rabbitmq.com/documentation.html <- +
+https://rabbitmq.com/configure.html <- +
+https://rabbitmq.com/queues.html <- +
#### Apache QPID
-https://qpid.apache.org/index.html\n <- +
-https://github.com/amqphub/quarkus-qpid-jms-quickstart\n <- +
+https://qpid.apache.org/index.html <- +
+https://github.com/amqphub/quarkus-qpid-jms-quickstart <- +
#### Intros and Tutorials
-https://ably.com/topic/intro-to-amqp-0-9-1\n <- AMQP 0.9.1 +
-https://ably.com/topic/intro-to-amqp-1-0\n <- AMQP 1.0 +
-https://jstobigdata.com/rabbitmq/complete-rabbitmq-tutorial-in-java/\n <- +
-https://spring.io/projects/spring-amqp\n <- +
+https://ably.com/topic/intro-to-amqp-0-9-1 <- AMQP 0.9.1 +
+https://ably.com/topic/intro-to-amqp-1-0 <- AMQP 1.0 +
+https://jstobigdata.com/rabbitmq/complete-rabbitmq-tutorial-in-java/ <- +
+https://spring.io/projects/spring-amqp <- +
#### Challenges: Ordering of Event
-https://medium.com/baseds/ordering-distributed-events-29c1dd9d1eff\n <- +
+https://medium.com/baseds/ordering-distributed-events-29c1dd9d1eff <- +
https://medium.com/baseds/logical-time-and-lamport-clocks-part-1-d0317e407112 <- +
https://medium.com/baseds/logical-time-and-lamport-clocks-part-2-272c097dcdda <- +
From 45969cffca1d326c6097e5e61f26d0d81fde8b14 Mon Sep 17 00:00:00 2001
From: Keith Hazelton <khazelton@gmail.com>
Date: Mon, 31 Jul 2023 08:54:51 -0500
Subject: [PATCH 005/126] Create grouper-midpoint-testing.adoc
---
grouper-midpoint-testing.adoc | 17 +++++++++++++++++
1 file changed, 17 insertions(+)
create mode 100644 grouper-midpoint-testing.adoc
diff --git a/grouper-midpoint-testing.adoc b/grouper-midpoint-testing.adoc
new file mode 100644
index 0000000..811cc8c
--- /dev/null
+++ b/grouper-midpoint-testing.adoc
@@ -0,0 +1,17 @@
+testGroups.adoc
+
+- - -
+_2023-07-31 08:25:11 midPoint-Grouper test plan for large groups and large number of small groups_
+
+Two large csv files of test data are now available on khazelton.workbench.incommon.org in the gzipped file, COmanageMatchSampleData.tar.gz.
+
+This morning I will be importing /home/csprootuser/COmanageMatchSampleData/Matched/hrms.csy and …/Matched/sis.csv into a midPoint organization, ‘test’. I will add LDAP accounts for each user (about 100000 users). I’ll then use Grouper loader jobs with LDAP as a subject source to put those users into two large groups: ref:test:hrms and ref:test:sis.
+
+To create a large number of small groups, I’ll create groups based on the last three digits of the ‘natID’ attribute, a string formatted as a US social security number: xxxx-xx-abcd, so with this example natID, the user would be added to the group ‘ref:test:bcd’. resulting in up to 1000 groups.
+
+I've created a sudo-capable account for you so you can work with this data when/if you like. For now only the raw affiliation member files are available. I'll let you know when the testing setup is complete.
+
+ssh slavek@khazelton.workbench.incommon.org
+password is the usual midPoint one with '-!' appended.
+
+If you want to grab the zipped version, use sudo scp to bring over /home/csprootuser/COmanageMatchSampleData.tar.gz
From a1c4a28e01e2b174944f7bf82a816c3bd90c3994 Mon Sep 17 00:00:00 2001
From: Keith Hazelton <khazelton@gmail.com>
Date: Mon, 31 Jul 2023 08:56:29 -0500
Subject: [PATCH 006/126] Update grouper-midpoint-testing.adoc
---
grouper-midpoint-testing.adoc | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/grouper-midpoint-testing.adoc b/grouper-midpoint-testing.adoc
index 811cc8c..fffdf22 100644
--- a/grouper-midpoint-testing.adoc
+++ b/grouper-midpoint-testing.adoc
@@ -9,9 +9,8 @@ This morning I will be importing /home/csprootuser/COmanageMatchSampleData/Match
To create a large number of small groups, I’ll create groups based on the last three digits of the ‘natID’ attribute, a string formatted as a US social security number: xxxx-xx-abcd, so with this example natID, the user would be added to the group ‘ref:test:bcd’. resulting in up to 1000 groups.
-I've created a sudo-capable account for you so you can work with this data when/if you like. For now only the raw affiliation member files are available. I'll let you know when the testing setup is complete.
+I've created a sudo-capable account for Slavek so he can work with this data when/if you like. For now only the raw affiliation member files are available. I'll let you know when the testing setup is complete.
ssh slavek@khazelton.workbench.incommon.org
-password is the usual midPoint one with '-!' appended.
If you want to grab the zipped version, use sudo scp to bring over /home/csprootuser/COmanageMatchSampleData.tar.gz
From 35cb902ce326ab6589a645a2aef67bd6928ba00f Mon Sep 17 00:00:00 2001
From: Keith Hazelton <khazelton@gmail.com>
Date: Mon, 31 Jul 2023 08:59:59 -0500
Subject: [PATCH 007/126] Update grouper-midpoint-testing.adoc
---
grouper-midpoint-testing.adoc | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/grouper-midpoint-testing.adoc b/grouper-midpoint-testing.adoc
index fffdf22..84c94e2 100644
--- a/grouper-midpoint-testing.adoc
+++ b/grouper-midpoint-testing.adoc
@@ -5,7 +5,7 @@ _2023-07-31 08:25:11 midPoint-Grouper test plan for large groups and large numbe
Two large csv files of test data are now available on khazelton.workbench.incommon.org in the gzipped file, COmanageMatchSampleData.tar.gz.
-This morning I will be importing /home/csprootuser/COmanageMatchSampleData/Matched/hrms.csy and …/Matched/sis.csv into a midPoint organization, ‘test’. I will add LDAP accounts for each user (about 100000 users). I’ll then use Grouper loader jobs with LDAP as a subject source to put those users into two large groups: ref:test:hrms and ref:test:sis.
+This morning I will be importing /home/csprootuser/COmanageMatchSampleData/Matched/hrms.csv and …/Matched/sis.csv into a midPoint organization, ‘test’. I will add LDAP accounts for each user (about 100000 users). I’ll then use Grouper loader jobs with LDAP as a subject source to put those users into two large groups: ref:test:hrms and ref:test:sis.
To create a large number of small groups, I’ll create groups based on the last three digits of the ‘natID’ attribute, a string formatted as a US social security number: xxxx-xx-abcd, so with this example natID, the user would be added to the group ‘ref:test:bcd’. resulting in up to 1000 groups.
From c6d6e355b6742c9353ac07554907c3636a68ec1f Mon Sep 17 00:00:00 2001
From: Keith Hazelton <khazelton@gmail.com>
Date: Mon, 31 Jul 2023 09:29:21 -0500
Subject: [PATCH 008/126] Update grouper-midpoint-testing.adoc
---
grouper-midpoint-testing.adoc | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/grouper-midpoint-testing.adoc b/grouper-midpoint-testing.adoc
index 84c94e2..278741e 100644
--- a/grouper-midpoint-testing.adoc
+++ b/grouper-midpoint-testing.adoc
@@ -5,7 +5,7 @@ _2023-07-31 08:25:11 midPoint-Grouper test plan for large groups and large numbe
Two large csv files of test data are now available on khazelton.workbench.incommon.org in the gzipped file, COmanageMatchSampleData.tar.gz.
-This morning I will be importing /home/csprootuser/COmanageMatchSampleData/Matched/hrms.csv and …/Matched/sis.csv into a midPoint organization, ‘test’. I will add LDAP accounts for each user (about 100000 users). I’ll then use Grouper loader jobs with LDAP as a subject source to put those users into two large groups: ref:test:hrms and ref:test:sis.
+This morning I will be importing /home/csprootuser/COmanageMatchSampleData/Matched/hrms.csv and …/Matched/sis.csv into a midPoint organization, ‘test’. I will add LDAP accounts for each user (about 100000 users). I’ll then use Grouper loader jobs with LDAP as a subject source to put those users into two large groups: org:test:hrms and org:test:sis.
To create a large number of small groups, I’ll create groups based on the last three digits of the ‘natID’ attribute, a string formatted as a US social security number: xxxx-xx-abcd, so with this example natID, the user would be added to the group ‘ref:test:bcd’. resulting in up to 1000 groups.
From 6591717df013d6b1cf5120fa6fd1f8c6828af3f1 Mon Sep 17 00:00:00 2001
From: Keith Hazelton <khazelton@gmail.com>
Date: Mon, 31 Jul 2023 09:29:57 -0500
Subject: [PATCH 009/126] Update grouper-midpoint-testing.adoc
---
grouper-midpoint-testing.adoc | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/grouper-midpoint-testing.adoc b/grouper-midpoint-testing.adoc
index 278741e..4689a3f 100644
--- a/grouper-midpoint-testing.adoc
+++ b/grouper-midpoint-testing.adoc
@@ -7,7 +7,7 @@ Two large csv files of test data are now available on khazelton.workbench.incomm
This morning I will be importing /home/csprootuser/COmanageMatchSampleData/Matched/hrms.csv and …/Matched/sis.csv into a midPoint organization, ‘test’. I will add LDAP accounts for each user (about 100000 users). I’ll then use Grouper loader jobs with LDAP as a subject source to put those users into two large groups: org:test:hrms and org:test:sis.
-To create a large number of small groups, I’ll create groups based on the last three digits of the ‘natID’ attribute, a string formatted as a US social security number: xxxx-xx-abcd, so with this example natID, the user would be added to the group ‘ref:test:bcd’. resulting in up to 1000 groups.
+To create a large number of small groups, I’ll create groups based on the last three digits of the ‘natID’ attribute, a string formatted as a US social security number: xxxx-xx-abcd, so with this example natID, the user would be added to the group ‘org:test:bcd’. resulting in up to 1000 groups.
I've created a sudo-capable account for Slavek so he can work with this data when/if you like. For now only the raw affiliation member files are available. I'll let you know when the testing setup is complete.
From 65c1bed82609fdc45cddfca8f64af90a50d3098c Mon Sep 17 00:00:00 2001
From: Keith Hazelton <khazelton@gmail.com>
Date: Mon, 31 Jul 2023 09:35:20 -0500
Subject: [PATCH 010/126] Update grouper-midpoint-testing.adoc
---
grouper-midpoint-testing.adoc | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/grouper-midpoint-testing.adoc b/grouper-midpoint-testing.adoc
index 4689a3f..84c94e2 100644
--- a/grouper-midpoint-testing.adoc
+++ b/grouper-midpoint-testing.adoc
@@ -5,9 +5,9 @@ _2023-07-31 08:25:11 midPoint-Grouper test plan for large groups and large numbe
Two large csv files of test data are now available on khazelton.workbench.incommon.org in the gzipped file, COmanageMatchSampleData.tar.gz.
-This morning I will be importing /home/csprootuser/COmanageMatchSampleData/Matched/hrms.csv and …/Matched/sis.csv into a midPoint organization, ‘test’. I will add LDAP accounts for each user (about 100000 users). I’ll then use Grouper loader jobs with LDAP as a subject source to put those users into two large groups: org:test:hrms and org:test:sis.
+This morning I will be importing /home/csprootuser/COmanageMatchSampleData/Matched/hrms.csv and …/Matched/sis.csv into a midPoint organization, ‘test’. I will add LDAP accounts for each user (about 100000 users). I’ll then use Grouper loader jobs with LDAP as a subject source to put those users into two large groups: ref:test:hrms and ref:test:sis.
-To create a large number of small groups, I’ll create groups based on the last three digits of the ‘natID’ attribute, a string formatted as a US social security number: xxxx-xx-abcd, so with this example natID, the user would be added to the group ‘org:test:bcd’. resulting in up to 1000 groups.
+To create a large number of small groups, I’ll create groups based on the last three digits of the ‘natID’ attribute, a string formatted as a US social security number: xxxx-xx-abcd, so with this example natID, the user would be added to the group ‘ref:test:bcd’. resulting in up to 1000 groups.
I've created a sudo-capable account for Slavek so he can work with this data when/if you like. For now only the raw affiliation member files are available. I'll let you know when the testing setup is complete.
From 3201f044534be1924575e6d50daf182565c60a16 Mon Sep 17 00:00:00 2001
From: Keith Hazelton <khazelton@gmail.com>
Date: Mon, 31 Jul 2023 09:45:52 -0500
Subject: [PATCH 011/126] Update grouper-midpoint-testing.adoc
---
grouper-midpoint-testing.adoc | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/grouper-midpoint-testing.adoc b/grouper-midpoint-testing.adoc
index 84c94e2..f551f48 100644
--- a/grouper-midpoint-testing.adoc
+++ b/grouper-midpoint-testing.adoc
@@ -5,7 +5,7 @@ _2023-07-31 08:25:11 midPoint-Grouper test plan for large groups and large numbe
Two large csv files of test data are now available on khazelton.workbench.incommon.org in the gzipped file, COmanageMatchSampleData.tar.gz.
-This morning I will be importing /home/csprootuser/COmanageMatchSampleData/Matched/hrms.csv and …/Matched/sis.csv into a midPoint organization, ‘test’. I will add LDAP accounts for each user (about 100000 users). I’ll then use Grouper loader jobs with LDAP as a subject source to put those users into two large groups: ref:test:hrms and ref:test:sis.
+This morning I will be importing /home/csprootuser/COmanageMatchSampleData/Matched/hrms.csv and …/Matched/sis.csv into a midPoint organization, ‘test’. I will add LDAP accounts for each user (about 100000 users). I’ll then use Grouper loader jobs with LDAP as a subject source to put those users into two large reference groups: ref:test:hrms and ref:test:sis.
To create a large number of small groups, I’ll create groups based on the last three digits of the ‘natID’ attribute, a string formatted as a US social security number: xxxx-xx-abcd, so with this example natID, the user would be added to the group ‘ref:test:bcd’. resulting in up to 1000 groups.
From 94719c27c1b40527b51914be683fe48ecc8d7f49 Mon Sep 17 00:00:00 2001
From: Keith Hazelton <khazelton@gmail.com>
Date: Mon, 31 Jul 2023 09:47:27 -0500
Subject: [PATCH 012/126] Update grouper-midpoint-testing.adoc
---
grouper-midpoint-testing.adoc | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/grouper-midpoint-testing.adoc b/grouper-midpoint-testing.adoc
index f551f48..c3de104 100644
--- a/grouper-midpoint-testing.adoc
+++ b/grouper-midpoint-testing.adoc
@@ -9,7 +9,7 @@ This morning I will be importing /home/csprootuser/COmanageMatchSampleData/Match
To create a large number of small groups, I’ll create groups based on the last three digits of the ‘natID’ attribute, a string formatted as a US social security number: xxxx-xx-abcd, so with this example natID, the user would be added to the group ‘ref:test:bcd’. resulting in up to 1000 groups.
-I've created a sudo-capable account for Slavek so he can work with this data when/if you like. For now only the raw affiliation member files are available. I'll let you know when the testing setup is complete.
+I've created a sudo-capable account for Slavek so he can work with this data when/if he likes. For now only the raw affiliation member files are available. I'll let you know when the testing setup is complete.
ssh slavek@khazelton.workbench.incommon.org
From edd5bdb8e0090c72deee02297919b91a4a0bdcc2 Mon Sep 17 00:00:00 2001
From: Keith Hazelton <khazelton@gmail.com>
Date: Tue, 1 Aug 2023 07:59:23 -0500
Subject: [PATCH 013/126] Update grouper-midpoint-testing.adoc
---
grouper-midpoint-testing.adoc | 66 +++++++++++++++++++++++++++++++++++
1 file changed, 66 insertions(+)
diff --git a/grouper-midpoint-testing.adoc b/grouper-midpoint-testing.adoc
index c3de104..d1ca3ea 100644
--- a/grouper-midpoint-testing.adoc
+++ b/grouper-midpoint-testing.adoc
@@ -14,3 +14,69 @@ I've created a sudo-capable account for Slavek so he can work with this data whe
ssh slavek@khazelton.workbench.incommon.org
If you want to grab the zipped version, use sudo scp to bring over /home/csprootuser/COmanageMatchSampleData.tar.gz
+
+- - -
+_2023-07-31 10:59:07 setting up grouper / midpoint environment for large N groups and large N memberships_
+
+khazelton.workbench.incommon.org <- test platform
+
+*- With midPoint 4.6 -*
+
+- copy data files to defined locations:
+
+ cp /home/csprootuser/COmanageMatchSampleData/Matched/hrms.csv Workbench/midpoint_server/container_files/csv/source-hrms.csv
+
+ cp /home/csprootuser/COmanageMatchSampleData/Matched/sis.csv Workbench/midpoint_server/container_files/csv/source-sis.csv +
+
+- Edit docker-compose.yml to bind these volumes to the container using +
+
+ ...
+ - type: bind
+ source: ./midpoint_server/container_files/csv/source-sis.csv
+ target: /opt/midpoint/csv/source-sis.csv
+ - type: bind
+ source: ./midpoint_server/container_files/csv/source-hrms.csv
+ target: /opt/midpoint/csv/source-hrms.csv
+ ...
+
+- Connect to the workbench instance using midPoint Studio
+
+- Model the resource definitions for hrms.csv and sis.csv on the existing workbench file +
+ kb-wb/objects/resources/SourceHRSystem.xml
+naming them +
+ kb-wb/objects/resources/SourceTestHrmsSystem.xml and +
+ kb-wb/objects/resources/SourceTestSisSystem.xml
+
+- First line of .csv files should contain comma-delimited field names
+ sorid,given,surname,email,ph#,cntry-code,natID,occup,dept,RefID
+
+- Import the files below into the resources SourceTestHrmsSystem and SourceTestSisSystem
+ /home/csprootuser/COmanageMatchSampleData/Matched/hrms.csv and
+ /home/csprootuser/COmanageMatchSampleData/Matched/sis.csv
+into a midPoint organization, ‘test’.
+
+- Run reconciliation on a sample user and verify correctness of midPoint objects
+
+- Add LDAP accounts for each user (about 100000 users).
+
+*- With Grouper -*
+
+- Create a 'test' reference folder and create groups 'test:hrms' and 'test:sis' under it
+
+- Use Grouper loader jobs with LDAP as a subject source +
+Put those users into two large reference groups: +
+ref:test:hrms and +
+ref:test:sis +
+
+- Create a large number of small groups based on the last three digits of the
+‘natID’ attribute, +
+a string formatted as a US social security number: +
+ xxxx-xx-abcd +
+with this example natID, the user would be added to the group +
+ ‘ref:test:bcd’
+
+- Loading all records Will create up to 1000 groups.
+
+.
+
+- - -
From 365bdfd04dc111c5d246da4ca6e1919cfa0d2aaa Mon Sep 17 00:00:00 2001
From: Keith Hazelton <khazelton@gmail.com>
Date: Tue, 1 Aug 2023 08:00:03 -0500
Subject: [PATCH 014/126] Update grouper-midpoint-testing.adoc
---
grouper-midpoint-testing.adoc | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/grouper-midpoint-testing.adoc b/grouper-midpoint-testing.adoc
index d1ca3ea..d76a1fe 100644
--- a/grouper-midpoint-testing.adoc
+++ b/grouper-midpoint-testing.adoc
@@ -3,7 +3,7 @@ testGroups.adoc
- - -
_2023-07-31 08:25:11 midPoint-Grouper test plan for large groups and large number of small groups_
-Two large csv files of test data are now available on khazelton.workbench.incommon.org in the gzipped file, COmanageMatchSampleData.tar.gz.
+Two sets of large csv files of test data are now available on khazelton.workbench.incommon.org in the gzipped file, COmanageMatchSampleData.tar.gz.
This morning I will be importing /home/csprootuser/COmanageMatchSampleData/Matched/hrms.csv and …/Matched/sis.csv into a midPoint organization, ‘test’. I will add LDAP accounts for each user (about 100000 users). I’ll then use Grouper loader jobs with LDAP as a subject source to put those users into two large reference groups: ref:test:hrms and ref:test:sis.
From 707b4c1914c3fe6570981a313af9d7493ee07339 Mon Sep 17 00:00:00 2001
From: Keith Hazelton <khazelton@gmail.com>
Date: Tue, 1 Aug 2023 08:00:53 -0500
Subject: [PATCH 015/126] Update grouper-midpoint-testing.adoc
---
grouper-midpoint-testing.adoc | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/grouper-midpoint-testing.adoc b/grouper-midpoint-testing.adoc
index d76a1fe..90203d9 100644
--- a/grouper-midpoint-testing.adoc
+++ b/grouper-midpoint-testing.adoc
@@ -3,7 +3,8 @@ testGroups.adoc
- - -
_2023-07-31 08:25:11 midPoint-Grouper test plan for large groups and large number of small groups_
-Two sets of large csv files of test data are now available on khazelton.workbench.incommon.org in the gzipped file, COmanageMatchSampleData.tar.gz.
+Two sets of large csv files of test data are now available on khazelton.workbench.incommon.org in the gzipped file,
+ COmanageMatchSampleData.tar.gz.
This morning I will be importing /home/csprootuser/COmanageMatchSampleData/Matched/hrms.csv and …/Matched/sis.csv into a midPoint organization, ‘test’. I will add LDAP accounts for each user (about 100000 users). I’ll then use Grouper loader jobs with LDAP as a subject source to put those users into two large reference groups: ref:test:hrms and ref:test:sis.
From 3096ed2513acc4bccc91d38336f5446b7978a9f0 Mon Sep 17 00:00:00 2001
From: Keith Hazelton <khazelton@gmail.com>
Date: Tue, 1 Aug 2023 08:05:10 -0500
Subject: [PATCH 016/126] Update grouper-midpoint-testing.adoc
---
grouper-midpoint-testing.adoc | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/grouper-midpoint-testing.adoc b/grouper-midpoint-testing.adoc
index 90203d9..5255e77 100644
--- a/grouper-midpoint-testing.adoc
+++ b/grouper-midpoint-testing.adoc
@@ -6,7 +6,10 @@ _2023-07-31 08:25:11 midPoint-Grouper test plan for large groups and large numbe
Two sets of large csv files of test data are now available on khazelton.workbench.incommon.org in the gzipped file,
COmanageMatchSampleData.tar.gz.
-This morning I will be importing /home/csprootuser/COmanageMatchSampleData/Matched/hrms.csv and …/Matched/sis.csv into a midPoint organization, ‘test’. I will add LDAP accounts for each user (about 100000 users). I’ll then use Grouper loader jobs with LDAP as a subject source to put those users into two large reference groups: ref:test:hrms and ref:test:sis.
+Import
+ /home/csprootuser/COmanageMatchSampleData/Matched/hrms.csv and
+ /home/csprootuser/COmanageMatchSampleData/Matched/sis.csv
+into a midPoint organization, ‘test’. ProvisionLDAP accounts for each user (about 100000 users). I’ll then use Grouper loader jobs with LDAP as a subject source to put those users into two large reference groups: ref:test:hrms and ref:test:sis.
To create a large number of small groups, I’ll create groups based on the last three digits of the ‘natID’ attribute, a string formatted as a US social security number: xxxx-xx-abcd, so with this example natID, the user would be added to the group ‘ref:test:bcd’. resulting in up to 1000 groups.
From 61c94d62a3593496beefdda441ed656606aaca12 Mon Sep 17 00:00:00 2001
From: Keith Hazelton <khazelton@gmail.com>
Date: Tue, 1 Aug 2023 08:11:59 -0500
Subject: [PATCH 017/126] Update grouper-midpoint-testing.adoc
---
grouper-midpoint-testing.adoc | 9 +++++----
1 file changed, 5 insertions(+), 4 deletions(-)
diff --git a/grouper-midpoint-testing.adoc b/grouper-midpoint-testing.adoc
index 5255e77..5fb2588 100644
--- a/grouper-midpoint-testing.adoc
+++ b/grouper-midpoint-testing.adoc
@@ -11,13 +11,14 @@ Import
/home/csprootuser/COmanageMatchSampleData/Matched/sis.csv
into a midPoint organization, ‘test’. ProvisionLDAP accounts for each user (about 100000 users). I’ll then use Grouper loader jobs with LDAP as a subject source to put those users into two large reference groups: ref:test:hrms and ref:test:sis.
-To create a large number of small groups, I’ll create groups based on the last three digits of the ‘natID’ attribute, a string formatted as a US social security number: xxxx-xx-abcd, so with this example natID, the user would be added to the group ‘ref:test:bcd’. resulting in up to 1000 groups.
+To create a large number of small groups, create groups based on the last three digits of the ‘natID’ attribute, a string formatted as a US social security number: xxxx-xx-abcd, so with this example natID, the user would be added to the group ‘ref:test:bcd’. resulting in up to 1000 groups.
-I've created a sudo-capable account for Slavek so he can work with this data when/if he likes. For now only the raw affiliation member files are available. I'll let you know when the testing setup is complete.
+Create a sudo-capable account to work with this data.
-ssh slavek@khazelton.workbench.incommon.org
+ssh user@my.workbench.incommon.org
-If you want to grab the zipped version, use sudo scp to bring over /home/csprootuser/COmanageMatchSampleData.tar.gz
+If you want to grab the zipped archive of all the .csv files, use
+ sudo scp /home/csprootuser/COmanageMatchSampleData.tar.gz
- - -
_2023-07-31 10:59:07 setting up grouper / midpoint environment for large N groups and large N memberships_
From da1bf197cbcb300e645959a1c9480206b333fa24 Mon Sep 17 00:00:00 2001
From: Keith Hazelton <khazelton@gmail.com>
Date: Tue, 1 Aug 2023 08:15:23 -0500
Subject: [PATCH 018/126] Update grouper-midpoint-testing.adoc
---
grouper-midpoint-testing.adoc | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/grouper-midpoint-testing.adoc b/grouper-midpoint-testing.adoc
index 5fb2588..31f5b81 100644
--- a/grouper-midpoint-testing.adoc
+++ b/grouper-midpoint-testing.adoc
@@ -3,7 +3,7 @@ testGroups.adoc
- - -
_2023-07-31 08:25:11 midPoint-Grouper test plan for large groups and large number of small groups_
-Two sets of large csv files of test data are now available on khazelton.workbench.incommon.org in the gzipped file,
+Two sets of large csv files of test data are now available on khazelton.workbench.incommon.org in the gzipped file, +
COmanageMatchSampleData.tar.gz.
Import
From b5109ec8af1c962db77871946c4c6dd382641f83 Mon Sep 17 00:00:00 2001
From: Keith Hazelton <khazelton@gmail.com>
Date: Tue, 1 Aug 2023 08:16:32 -0500
Subject: [PATCH 019/126] Update grouper-midpoint-testing.adoc
---
grouper-midpoint-testing.adoc | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/grouper-midpoint-testing.adoc b/grouper-midpoint-testing.adoc
index 31f5b81..cfbe172 100644
--- a/grouper-midpoint-testing.adoc
+++ b/grouper-midpoint-testing.adoc
@@ -4,8 +4,10 @@ testGroups.adoc
_2023-07-31 08:25:11 midPoint-Grouper test plan for large groups and large number of small groups_
Two sets of large csv files of test data are now available on khazelton.workbench.incommon.org in the gzipped file, +
- COmanageMatchSampleData.tar.gz.
-
+```
+COmanageMatchSampleData.tar.gz
+```
+
Import
/home/csprootuser/COmanageMatchSampleData/Matched/hrms.csv and
/home/csprootuser/COmanageMatchSampleData/Matched/sis.csv
From 85b2a8b84e715d1d5cac27f1d79c16176f80a841 Mon Sep 17 00:00:00 2001
From: Keith Hazelton <khazelton@gmail.com>
Date: Tue, 1 Aug 2023 08:18:20 -0500
Subject: [PATCH 020/126] MBProMax
---
.DS_Store | Bin 10244 -> 10244 bytes
1 file changed, 0 insertions(+), 0 deletions(-)
diff --git a/.DS_Store b/.DS_Store
index 9d7a7ce118abcefb6e5ec0927fe93a8c26c005dd..708797474304bad662ea711732b081f8d8c0e334 100644
GIT binary patch
delta 331
zcmZn(XbG6$&nUSuU^hRb<YXQJ$+*5e83qOh76v_rbcRfZlH7b3m!zEhB%m0_V$Z3^
zV-$`$qROY>l`qIJ3{K9^Edc6aV3^!6xmn<EEbFW$un}oM3vw7zk*#1<lwZ7&18N0a
z9$^JGc@!(yCf^m*OJM?<oRX7{WHp1FAka>*II?|H?Jq4ZmIK=dl|$HtE{9?dgTZEY
Sp&7iJ*%f}VY@R8?%nSeoKvInW
delta 233
zcmZn(XbG6$&nUVvU^hRb=wu!N$++$fJq!#CEDU-K=?s|+CAs-7E=f80NkB0U<%Y_V
z*$<95qROY>l`qIJ3{K9^Edc6aVCY>ixmn<EEX&H{U?b9i7UVFbB3toZ@{hdF9;g*?
kd4v_%<Wa0(oqShNZ*#HG6yAvi8JpP^ez9!M6lG=x08cAG;s5{u
From 3212497314f12f36fb21a1231a6bad3cb265602b Mon Sep 17 00:00:00 2001
From: Keith Hazelton <khazelton@gmail.com>
Date: Tue, 1 Aug 2023 08:45:35 -0500
Subject: [PATCH 021/126] Update grouper-midpoint-testing.adoc
---
grouper-midpoint-testing.adoc | 65 +++++++++++++++++++++++++++++++++++
1 file changed, 65 insertions(+)
diff --git a/grouper-midpoint-testing.adoc b/grouper-midpoint-testing.adoc
index cfbe172..194b2f4 100644
--- a/grouper-midpoint-testing.adoc
+++ b/grouper-midpoint-testing.adoc
@@ -1,4 +1,69 @@
testGroups.adoc
+- - -
+
+grpr-mp.adoc
+
+2023-07-31 10:59:07 setting up grouper / midpoint environment for large N groups and large N memberships
+
+Test platform: {my}.workbench.incommon.org
+
+- With midPoint 4.6 -
+
+copy data files to defined locations:
+
+cp /home/csprootuser/COmanageMatchSampleData/Matched/hrms.csv Workbench/midpoint_server/container_files/csv/source-hrms.csv
+cp /home/csprootuser/COmanageMatchSampleData/Matched/sis.csv Workbench/midpoint_server/container_files/csv/source-sis.csv +
+Edit docker-compose.yml to bind these volumes to the container using
+
+...
+- type: bind
+ source: ./midpoint_server/container_files/csv/source-sis.csv
+ target: /opt/midpoint/csv/source-sis.csv
+- type: bind
+ source: ./midpoint_server/container_files/csv/source-hrms.csv
+ target: /opt/midpoint/csv/source-hrms.csv
+...
+Connect to the workbench instance using midPoint Studio
+
+Model the resource definitions for hrms.csv and sis.csv on the existing workbench file
+
+naming them
+
+kb-wb/objects/resources/SourceTestHrmsSystem.xml
+and
+
+kb-wb/objects/resources/SourceTestSisSystem.xml
+First line of .csv files should contain comma-delimited field names
+
+Import the files below into the resources SourceTestHrmsSystem and SourceTestSisSystem
+
+/home/csprootuser/COmanageMatchSampleData/Matched/hrms.csv
+and
+
+/home/csprootuser/COmanageMatchSampleData/Matched/sis.csv
+into a midPoint organization, ‘test’.
+
+Run reconciliation on a sample user and verify correctness of midPoint objects
+
+Add LDAP accounts for each user (about 100000 users).
+
+- With Grouper -
+
+Create a 'test' reference folder and create groups 'test:hrms' and 'test:sis' under it
+
+Use Grouper loader jobs with LDAP as a subject source
+Put those users into two large reference groups:
+
+ref:test:hrms
+ref:test:sis
+Create a large number of small groups based on the last three digits of the ‘natID’ attribute,
+a string formatted as a US social security number:
+xxxx-xx-abcd
+with this example natID, the user would be added to the group
+
+Loading all records Will create up to 1000 groups.
+
+.
- - -
_2023-07-31 08:25:11 midPoint-Grouper test plan for large groups and large number of small groups_
From cd94e4ff7c7dc816bb76e9455f9cb435ed6e8ccc Mon Sep 17 00:00:00 2001
From: Keith Hazelton <khazelton@gmail.com>
Date: Tue, 1 Aug 2023 08:45:56 -0500
Subject: [PATCH 022/126] Update grouper-midpoint-testing.adoc
---
grouper-midpoint-testing.adoc | 1 +
1 file changed, 1 insertion(+)
diff --git a/grouper-midpoint-testing.adoc b/grouper-midpoint-testing.adoc
index 194b2f4..a6cd3d4 100644
--- a/grouper-midpoint-testing.adoc
+++ b/grouper-midpoint-testing.adoc
@@ -1,4 +1,5 @@
testGroups.adoc
+
- - -
grpr-mp.adoc
From 211818bec827e631b918dd87beb426fabfe6a733 Mon Sep 17 00:00:00 2001
From: Keith Hazelton <khazelton@gmail.com>
Date: Tue, 1 Aug 2023 08:46:19 -0500
Subject: [PATCH 023/126] Update grouper-midpoint-testing.adoc
---
grouper-midpoint-testing.adoc | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/grouper-midpoint-testing.adoc b/grouper-midpoint-testing.adoc
index a6cd3d4..87aac0f 100644
--- a/grouper-midpoint-testing.adoc
+++ b/grouper-midpoint-testing.adoc
@@ -2,7 +2,7 @@ testGroups.adoc
- - -
-grpr-mp.adoc
+=== grpr-mp.adoc
2023-07-31 10:59:07 setting up grouper / midpoint environment for large N groups and large N memberships
From a5a18027607e3036dad4e9746b043f64136f90ad Mon Sep 17 00:00:00 2001
From: Keith Hazelton <khazelton@gmail.com>
Date: Tue, 1 Aug 2023 08:47:52 -0500
Subject: [PATCH 024/126] Update grouper-midpoint-testing.adoc
---
grouper-midpoint-testing.adoc | 66 -----------------------------------
1 file changed, 66 deletions(-)
diff --git a/grouper-midpoint-testing.adoc b/grouper-midpoint-testing.adoc
index 87aac0f..cfbe172 100644
--- a/grouper-midpoint-testing.adoc
+++ b/grouper-midpoint-testing.adoc
@@ -1,71 +1,5 @@
testGroups.adoc
-- - -
-
-=== grpr-mp.adoc
-
-2023-07-31 10:59:07 setting up grouper / midpoint environment for large N groups and large N memberships
-
-Test platform: {my}.workbench.incommon.org
-
-- With midPoint 4.6 -
-
-copy data files to defined locations:
-
-cp /home/csprootuser/COmanageMatchSampleData/Matched/hrms.csv Workbench/midpoint_server/container_files/csv/source-hrms.csv
-cp /home/csprootuser/COmanageMatchSampleData/Matched/sis.csv Workbench/midpoint_server/container_files/csv/source-sis.csv +
-Edit docker-compose.yml to bind these volumes to the container using
-
-...
-- type: bind
- source: ./midpoint_server/container_files/csv/source-sis.csv
- target: /opt/midpoint/csv/source-sis.csv
-- type: bind
- source: ./midpoint_server/container_files/csv/source-hrms.csv
- target: /opt/midpoint/csv/source-hrms.csv
-...
-Connect to the workbench instance using midPoint Studio
-
-Model the resource definitions for hrms.csv and sis.csv on the existing workbench file
-
-naming them
-
-kb-wb/objects/resources/SourceTestHrmsSystem.xml
-and
-
-kb-wb/objects/resources/SourceTestSisSystem.xml
-First line of .csv files should contain comma-delimited field names
-
-Import the files below into the resources SourceTestHrmsSystem and SourceTestSisSystem
-
-/home/csprootuser/COmanageMatchSampleData/Matched/hrms.csv
-and
-
-/home/csprootuser/COmanageMatchSampleData/Matched/sis.csv
-into a midPoint organization, ‘test’.
-
-Run reconciliation on a sample user and verify correctness of midPoint objects
-
-Add LDAP accounts for each user (about 100000 users).
-
-- With Grouper -
-
-Create a 'test' reference folder and create groups 'test:hrms' and 'test:sis' under it
-
-Use Grouper loader jobs with LDAP as a subject source
-Put those users into two large reference groups:
-
-ref:test:hrms
-ref:test:sis
-Create a large number of small groups based on the last three digits of the ‘natID’ attribute,
-a string formatted as a US social security number:
-xxxx-xx-abcd
-with this example natID, the user would be added to the group
-
-Loading all records Will create up to 1000 groups.
-
-.
-
- - -
_2023-07-31 08:25:11 midPoint-Grouper test plan for large groups and large number of small groups_
From ad0189913f9ec2a1f3bcc7eab777ddb85c99e742 Mon Sep 17 00:00:00 2001
From: Keith Hazelton <khazelton@gmail.com>
Date: Tue, 1 Aug 2023 08:48:10 -0500
Subject: [PATCH 025/126] Update grouper-midpoint-testing.adoc
---
grouper-midpoint-testing.adoc | 1 -
1 file changed, 1 deletion(-)
diff --git a/grouper-midpoint-testing.adoc b/grouper-midpoint-testing.adoc
index cfbe172..6d9725d 100644
--- a/grouper-midpoint-testing.adoc
+++ b/grouper-midpoint-testing.adoc
@@ -84,6 +84,5 @@ with this example natID, the user would be added to the group +
- Loading all records Will create up to 1000 groups.
-.
- - -
From eed212a1e2a4da322dd2162bf298ddf633c320bb Mon Sep 17 00:00:00 2001
From: Keith Hazelton <khazelton@gmail.com>
Date: Tue, 1 Aug 2023 08:49:41 -0500
Subject: [PATCH 026/126] Update grouper-midpoint-testing.adoc
---
grouper-midpoint-testing.adoc | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/grouper-midpoint-testing.adoc b/grouper-midpoint-testing.adoc
index 6d9725d..2fd8bce 100644
--- a/grouper-midpoint-testing.adoc
+++ b/grouper-midpoint-testing.adoc
@@ -27,7 +27,7 @@ _2023-07-31 10:59:07 setting up grouper / midpoint environment for large N group
khazelton.workbench.incommon.org <- test platform
-*- With midPoint 4.6 -*
+==== With midPoint 4.6
- copy data files to defined locations:
@@ -66,7 +66,7 @@ into a midPoint organization, ‘test’.
- Add LDAP accounts for each user (about 100000 users).
-*- With Grouper -*
+==== With Grouper
- Create a 'test' reference folder and create groups 'test:hrms' and 'test:sis' under it
From 4ad942dc3cebd7e0a7018126e42e36e204e0a36c Mon Sep 17 00:00:00 2001
From: Keith Hazelton <khazelton@gmail.com>
Date: Tue, 1 Aug 2023 08:51:20 -0500
Subject: [PATCH 027/126] Update grouper-midpoint-testing.adoc
---
grouper-midpoint-testing.adoc | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/grouper-midpoint-testing.adoc b/grouper-midpoint-testing.adoc
index 2fd8bce..92d4420 100644
--- a/grouper-midpoint-testing.adoc
+++ b/grouper-midpoint-testing.adoc
@@ -11,7 +11,11 @@ COmanageMatchSampleData.tar.gz
Import
/home/csprootuser/COmanageMatchSampleData/Matched/hrms.csv and
/home/csprootuser/COmanageMatchSampleData/Matched/sis.csv
-into a midPoint organization, ‘test’. ProvisionLDAP accounts for each user (about 100000 users). I’ll then use Grouper loader jobs with LDAP as a subject source to put those users into two large reference groups: ref:test:hrms and ref:test:sis.
+into a midPoint organization, ‘test’. ProvisionLDAP accounts for each user (about 100000 users) +
+Then use Grouper loader jobs with LDAP as a subject source to put those users into two large reference groups:
+ ref:test:hrms
+and
+ ref:test:sis.
To create a large number of small groups, create groups based on the last three digits of the ‘natID’ attribute, a string formatted as a US social security number: xxxx-xx-abcd, so with this example natID, the user would be added to the group ‘ref:test:bcd’. resulting in up to 1000 groups.
From 0acfa83b2341d9a8f084919f2a29721c3447fef9 Mon Sep 17 00:00:00 2001
From: Keith Hazelton <khazelton@gmail.com>
Date: Tue, 1 Aug 2023 09:43:10 -0500
Subject: [PATCH 028/126] Update grouper-midpoint-testing.adoc
---
grouper-midpoint-testing.adoc | 1 +
1 file changed, 1 insertion(+)
diff --git a/grouper-midpoint-testing.adoc b/grouper-midpoint-testing.adoc
index 92d4420..835d005 100644
--- a/grouper-midpoint-testing.adoc
+++ b/grouper-midpoint-testing.adoc
@@ -88,5 +88,6 @@ with this example natID, the user would be added to the group +
- Loading all records Will create up to 1000 groups.
+.
- - -
From 419c614dcffb2e76d6ce4a0120380b737715bcd2 Mon Sep 17 00:00:00 2001
From: Keith Hazelton <khazelton@gmail.com>
Date: Tue, 1 Aug 2023 09:45:40 -0500
Subject: [PATCH 029/126] Update grouper-midpoint-testing.adoc
---
grouper-midpoint-testing.adoc | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/grouper-midpoint-testing.adoc b/grouper-midpoint-testing.adoc
index 835d005..9d57bca 100644
--- a/grouper-midpoint-testing.adoc
+++ b/grouper-midpoint-testing.adoc
@@ -11,7 +11,7 @@ COmanageMatchSampleData.tar.gz
Import
/home/csprootuser/COmanageMatchSampleData/Matched/hrms.csv and
/home/csprootuser/COmanageMatchSampleData/Matched/sis.csv
-into a midPoint organization, ‘test’. ProvisionLDAP accounts for each user (about 100000 users) +
+into a midPoint organization, ‘test’. ProvisionLDAP accounts for each user (about 40,000 users) +
Then use Grouper loader jobs with LDAP as a subject source to put those users into two large reference groups:
ref:test:hrms
and
From d662a8c9d10bb52045baf91c85a889d609feb4e6 Mon Sep 17 00:00:00 2001
From: Keith Hazelton <khazelton@gmail.com>
Date: Tue, 1 Aug 2023 10:08:36 -0500
Subject: [PATCH 030/126] Update grouper-midpoint-testing.adoc
---
grouper-midpoint-testing.adoc | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/grouper-midpoint-testing.adoc b/grouper-midpoint-testing.adoc
index 9d57bca..613d5d9 100644
--- a/grouper-midpoint-testing.adoc
+++ b/grouper-midpoint-testing.adoc
@@ -8,9 +8,11 @@ Two sets of large csv files of test data are now available on khazelton.workbenc
COmanageMatchSampleData.tar.gz
```
-Import
- /home/csprootuser/COmanageMatchSampleData/Matched/hrms.csv and
+Import +
+ /home/csprootuser/COmanageMatchSampleData/Matched/hrms.csv
+and
/home/csprootuser/COmanageMatchSampleData/Matched/sis.csv
+
into a midPoint organization, ‘test’. ProvisionLDAP accounts for each user (about 40,000 users) +
Then use Grouper loader jobs with LDAP as a subject source to put those users into two large reference groups:
ref:test:hrms
From c454cf66215d94c532cad0a1817f0ec5278e1282 Mon Sep 17 00:00:00 2001
From: Keith Hazelton <khazelton@gmail.com>
Date: Tue, 1 Aug 2023 10:09:34 -0500
Subject: [PATCH 031/126] Update grouper-midpoint-testing.adoc
---
grouper-midpoint-testing.adoc | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/grouper-midpoint-testing.adoc b/grouper-midpoint-testing.adoc
index 613d5d9..8f09cca 100644
--- a/grouper-midpoint-testing.adoc
+++ b/grouper-midpoint-testing.adoc
@@ -9,9 +9,11 @@ COmanageMatchSampleData.tar.gz
```
Import +
- /home/csprootuser/COmanageMatchSampleData/Matched/hrms.csv
+```/home/csprootuser/COmanageMatchSampleData/Matched/hrms.csv
+```
and
- /home/csprootuser/COmanageMatchSampleData/Matched/sis.csv
+ ```/home/csprootuser/COmanageMatchSampleData/Matched/sis.csv
+ ```
into a midPoint organization, ‘test’. ProvisionLDAP accounts for each user (about 40,000 users) +
Then use Grouper loader jobs with LDAP as a subject source to put those users into two large reference groups:
From 41dca350539c3d7243b691e3794d76d3108ba6d5 Mon Sep 17 00:00:00 2001
From: Keith Hazelton <khazelton@gmail.com>
Date: Tue, 1 Aug 2023 10:10:08 -0500
Subject: [PATCH 032/126] Update grouper-midpoint-testing.adoc
---
grouper-midpoint-testing.adoc | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/grouper-midpoint-testing.adoc b/grouper-midpoint-testing.adoc
index 8f09cca..e7037f6 100644
--- a/grouper-midpoint-testing.adoc
+++ b/grouper-midpoint-testing.adoc
@@ -8,7 +8,7 @@ Two sets of large csv files of test data are now available on khazelton.workbenc
COmanageMatchSampleData.tar.gz
```
-Import +
+Import
```/home/csprootuser/COmanageMatchSampleData/Matched/hrms.csv
```
and
From 530e4ea1b48e462a683ce498210ac074e6a072d8 Mon Sep 17 00:00:00 2001
From: Keith Hazelton <khazelton@gmail.com>
Date: Tue, 1 Aug 2023 10:10:24 -0500
Subject: [PATCH 033/126] Update grouper-midpoint-testing.adoc
---
grouper-midpoint-testing.adoc | 1 +
1 file changed, 1 insertion(+)
diff --git a/grouper-midpoint-testing.adoc b/grouper-midpoint-testing.adoc
index e7037f6..c581bde 100644
--- a/grouper-midpoint-testing.adoc
+++ b/grouper-midpoint-testing.adoc
@@ -9,6 +9,7 @@ COmanageMatchSampleData.tar.gz
```
Import
+
```/home/csprootuser/COmanageMatchSampleData/Matched/hrms.csv
```
and
From f0daddcf4a92e39c4d3b239948fb18f6a24587bf Mon Sep 17 00:00:00 2001
From: Keith Hazelton <khazelton@gmail.com>
Date: Tue, 1 Aug 2023 10:11:35 -0500
Subject: [PATCH 034/126] Update grouper-midpoint-testing.adoc
---
grouper-midpoint-testing.adoc | 14 +++++++++-----
1 file changed, 9 insertions(+), 5 deletions(-)
diff --git a/grouper-midpoint-testing.adoc b/grouper-midpoint-testing.adoc
index c581bde..c3cbbdc 100644
--- a/grouper-midpoint-testing.adoc
+++ b/grouper-midpoint-testing.adoc
@@ -3,18 +3,22 @@ testGroups.adoc
- - -
_2023-07-31 08:25:11 midPoint-Grouper test plan for large groups and large number of small groups_
-Two sets of large csv files of test data are now available on khazelton.workbench.incommon.org in the gzipped file, +
+Two sets of large csv files of test data are now available on khazelton.workbench.incommon.org in the gzipped file,
+
```
COmanageMatchSampleData.tar.gz
```
-Import
+- Import
-```/home/csprootuser/COmanageMatchSampleData/Matched/hrms.csv
+```
+/home/csprootuser/COmanageMatchSampleData/Matched/hrms.csv
```
and
- ```/home/csprootuser/COmanageMatchSampleData/Matched/sis.csv
- ```
+
+```
+/home/csprootuser/COmanageMatchSampleData/Matched/sis.csv
+```
into a midPoint organization, ‘test’. ProvisionLDAP accounts for each user (about 40,000 users) +
Then use Grouper loader jobs with LDAP as a subject source to put those users into two large reference groups:
From 1fb39e1b243b312d4e636ed5f5562f057d8afccd Mon Sep 17 00:00:00 2001
From: Keith Hazelton <khazelton@gmail.com>
Date: Tue, 1 Aug 2023 10:14:17 -0500
Subject: [PATCH 035/126] Update grouper-midpoint-testing.adoc
---
grouper-midpoint-testing.adoc | 26 +++++++++++++++-----------
1 file changed, 15 insertions(+), 11 deletions(-)
diff --git a/grouper-midpoint-testing.adoc b/grouper-midpoint-testing.adoc
index c3cbbdc..110d873 100644
--- a/grouper-midpoint-testing.adoc
+++ b/grouper-midpoint-testing.adoc
@@ -20,7 +20,8 @@ and
/home/csprootuser/COmanageMatchSampleData/Matched/sis.csv
```
-into a midPoint organization, ‘test’. ProvisionLDAP accounts for each user (about 40,000 users) +
+into a midPoint organization, ‘test’ +
+ProvisionLDAP accounts for each user (about 40,000 users) +
Then use Grouper loader jobs with LDAP as a subject source to put those users into two large reference groups:
ref:test:hrms
and
@@ -44,21 +45,24 @@ khazelton.workbench.incommon.org <- test platform
- copy data files to defined locations:
- cp /home/csprootuser/COmanageMatchSampleData/Matched/hrms.csv Workbench/midpoint_server/container_files/csv/source-hrms.csv
+```
+cp /home/csprootuser/COmanageMatchSampleData/Matched/hrms.csv Workbench/midpoint_server/container_files/csv/source-hrms.csv
- cp /home/csprootuser/COmanageMatchSampleData/Matched/sis.csv Workbench/midpoint_server/container_files/csv/source-sis.csv +
+cp /home/csprootuser/COmanageMatchSampleData/Matched/sis.csv Workbench/midpoint_server/container_files/csv/source-sis.csv
+```
- Edit docker-compose.yml to bind these volumes to the container using +
- ...
- - type: bind
- source: ./midpoint_server/container_files/csv/source-sis.csv
- target: /opt/midpoint/csv/source-sis.csv
- - type: bind
- source: ./midpoint_server/container_files/csv/source-hrms.csv
- target: /opt/midpoint/csv/source-hrms.csv
+```
+...
+- type: bind
+ source: ./midpoint_server/container_files/csv/source-sis.csv
+ target: /opt/midpoint/csv/source-sis.csv
+- type: bind
+ source: ./midpoint_server/container_files/csv/source-hrms.csv
+ target: /opt/midpoint/csv/source-hrms.csv
...
-
+```
- Connect to the workbench instance using midPoint Studio
- Model the resource definitions for hrms.csv and sis.csv on the existing workbench file +
From 3e90e50c19ec8d2af35a199c8c6735d7a4da2cc9 Mon Sep 17 00:00:00 2001
From: Keith Hazelton <khazelton@gmail.com>
Date: Tue, 1 Aug 2023 10:20:37 -0500
Subject: [PATCH 036/126] Update grouper-midpoint-testing.adoc
---
grouper-midpoint-testing.adoc | 11 ++++++-----
1 file changed, 6 insertions(+), 5 deletions(-)
diff --git a/grouper-midpoint-testing.adoc b/grouper-midpoint-testing.adoc
index 110d873..fe8e7ac 100644
--- a/grouper-midpoint-testing.adoc
+++ b/grouper-midpoint-testing.adoc
@@ -39,7 +39,7 @@ If you want to grab the zipped archive of all the .csv files, use
- - -
_2023-07-31 10:59:07 setting up grouper / midpoint environment for large N groups and large N memberships_
-khazelton.workbench.incommon.org <- test platform
+Assumes a test platform on a local workbench.incommon.org
==== With midPoint 4.6
@@ -65,13 +65,13 @@ cp /home/csprootuser/COmanageMatchSampleData/Matched/sis.csv Workbench/midpoint_
```
- Connect to the workbench instance using midPoint Studio
-- Model the resource definitions for hrms.csv and sis.csv on the existing workbench file +
+- Model the resource definitions for source-hrms.csv and source-sis.csv on the existing workbench file +
kb-wb/objects/resources/SourceHRSystem.xml
naming them +
kb-wb/objects/resources/SourceTestHrmsSystem.xml and +
kb-wb/objects/resources/SourceTestSisSystem.xml
-- First line of .csv files should contain comma-delimited field names
+- The first line of .csv files should contain comma-delimited field names +
sorid,given,surname,email,ph#,cntry-code,natID,occup,dept,RefID
- Import the files below into the resources SourceTestHrmsSystem and SourceTestSisSystem
@@ -89,8 +89,9 @@ into a midPoint organization, ‘test’.
- Use Grouper loader jobs with LDAP as a subject source +
Put those users into two large reference groups: +
-ref:test:hrms and +
-ref:test:sis +
+ ref:test:hrms
+and +
+ ref:test:sis +
- Create a large number of small groups based on the last three digits of the
‘natID’ attribute, +
From 5077a6bedeb7c6c3bd71ebd3737d419020ab492e Mon Sep 17 00:00:00 2001
From: Keith Hazelton <khazelton@gmail.com>
Date: Tue, 1 Aug 2023 10:21:25 -0500
Subject: [PATCH 037/126] Update grouper-midpoint-testing.adoc
---
grouper-midpoint-testing.adoc | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/grouper-midpoint-testing.adoc b/grouper-midpoint-testing.adoc
index fe8e7ac..36b84b5 100644
--- a/grouper-midpoint-testing.adoc
+++ b/grouper-midpoint-testing.adoc
@@ -20,8 +20,9 @@ and
/home/csprootuser/COmanageMatchSampleData/Matched/sis.csv
```
-into a midPoint organization, ‘test’ +
-ProvisionLDAP accounts for each user (about 40,000 users) +
+into a midPoint organization, ‘test’
+
+Provision LDAP accounts for each user (about 40,000 users) +
Then use Grouper loader jobs with LDAP as a subject source to put those users into two large reference groups:
ref:test:hrms
and
From 4651a6d6ef0b7f11d8945e89ce5ca1295cb44959 Mon Sep 17 00:00:00 2001
From: Keith Hazelton <khazelton@gmail.com>
Date: Tue, 1 Aug 2023 10:31:54 -0500
Subject: [PATCH 038/126] Update grouper-midpoint-testing.adoc
---
grouper-midpoint-testing.adoc | 58 +++++++++++++++++------------------
1 file changed, 29 insertions(+), 29 deletions(-)
diff --git a/grouper-midpoint-testing.adoc b/grouper-midpoint-testing.adoc
index 36b84b5..ea460e7 100644
--- a/grouper-midpoint-testing.adoc
+++ b/grouper-midpoint-testing.adoc
@@ -3,31 +3,12 @@ testGroups.adoc
- - -
_2023-07-31 08:25:11 midPoint-Grouper test plan for large groups and large number of small groups_
-Two sets of large csv files of test data are now available on khazelton.workbench.incommon.org in the gzipped file,
+- Two sets of large csv files of test data are now available on khazelton.workbench.incommon.org in the gzipped file,
```
COmanageMatchSampleData.tar.gz
```
-- Import
-
-```
-/home/csprootuser/COmanageMatchSampleData/Matched/hrms.csv
-```
-and
-
-```
-/home/csprootuser/COmanageMatchSampleData/Matched/sis.csv
-```
-
-into a midPoint organization, ‘test’
-
-Provision LDAP accounts for each user (about 40,000 users) +
-Then use Grouper loader jobs with LDAP as a subject source to put those users into two large reference groups:
- ref:test:hrms
-and
- ref:test:sis.
-
To create a large number of small groups, create groups based on the last three digits of the ‘natID’ attribute, a string formatted as a US social security number: xxxx-xx-abcd, so with this example natID, the user would be added to the group ‘ref:test:bcd’. resulting in up to 1000 groups.
Create a sudo-capable account to work with this data.
@@ -40,11 +21,11 @@ If you want to grab the zipped archive of all the .csv files, use
- - -
_2023-07-31 10:59:07 setting up grouper / midpoint environment for large N groups and large N memberships_
-Assumes a test platform on a local workbench.incommon.org
+- Createe a test platform on a local instance of the Workbench,
==== With midPoint 4.6
-- copy data files to defined locations:
+- copy csv files to defined locations:
```
cp /home/csprootuser/COmanageMatchSampleData/Matched/hrms.csv Workbench/midpoint_server/container_files/csv/source-hrms.csv
@@ -52,7 +33,7 @@ cp /home/csprootuser/COmanageMatchSampleData/Matched/hrms.csv Workbench/midpoint
cp /home/csprootuser/COmanageMatchSampleData/Matched/sis.csv Workbench/midpoint_server/container_files/csv/source-sis.csv
```
-- Edit docker-compose.yml to bind these volumes to the container using +
+- Edit docker-compose.yml to bind these volumes into the container using +
```
...
@@ -71,19 +52,38 @@ cp /home/csprootuser/COmanageMatchSampleData/Matched/sis.csv Workbench/midpoint_
naming them +
kb-wb/objects/resources/SourceTestHrmsSystem.xml and +
kb-wb/objects/resources/SourceTestSisSystem.xml
+
+- Import
+
+```
+/home/csprootuser/COmanageMatchSampleData/Matched/hrms.csv
+```
+and
+
+```
+/home/csprootuser/COmanageMatchSampleData/Matched/sis.csv
+```
-- The first line of .csv files should contain comma-delimited field names +
+into a midPoint organization, ‘test’
+
+Provision LDAP accounts for each user (about 40,000 users)
+
+Then use Grouper loader jobs with LDAP as a subject source to put those users into two large reference groups:
+ ref:test:hrms
+and
+ ref:test:sis.
+
+- The first line of .csv files should contain comma-delimited field names, for these test .csv files the field names are: +
sorid,given,surname,email,ph#,cntry-code,natID,occup,dept,RefID
- Import the files below into the resources SourceTestHrmsSystem and SourceTestSisSystem
/home/csprootuser/COmanageMatchSampleData/Matched/hrms.csv and
/home/csprootuser/COmanageMatchSampleData/Matched/sis.csv
into a midPoint organization, ‘test’.
+Adding LDAP accounts for each user (about 40,000 users).
- Run reconciliation on a sample user and verify correctness of midPoint objects
-- Add LDAP accounts for each user (about 100000 users).
-
==== With Grouper
- Create a 'test' reference folder and create groups 'test:hrms' and 'test:sis' under it
@@ -92,12 +92,12 @@ into a midPoint organization, ‘test’.
Put those users into two large reference groups: +
ref:test:hrms
and +
- ref:test:sis +
+ ref:test:sis
- Create a large number of small groups based on the last three digits of the
‘natID’ attribute, +
-a string formatted as a US social security number: +
- xxxx-xx-abcd +
+which is a string formatted as a US social security number: +
+ xxxx-xx-abcd
with this example natID, the user would be added to the group +
‘ref:test:bcd’
From bc74472623cf01a2a7c72714acc6c0f9a9581c04 Mon Sep 17 00:00:00 2001
From: Keith Hazelton <khazelton@gmail.com>
Date: Wed, 2 Aug 2023 11:40:42 -0500
Subject: [PATCH 039/126] Update grouper-midpoint-testing.adoc
---
grouper-midpoint-testing.adoc | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/grouper-midpoint-testing.adoc b/grouper-midpoint-testing.adoc
index ea460e7..1f62f48 100644
--- a/grouper-midpoint-testing.adoc
+++ b/grouper-midpoint-testing.adoc
@@ -48,9 +48,9 @@ cp /home/csprootuser/COmanageMatchSampleData/Matched/sis.csv Workbench/midpoint_
- Connect to the workbench instance using midPoint Studio
- Model the resource definitions for source-hrms.csv and source-sis.csv on the existing workbench file +
- kb-wb/objects/resources/SourceHRSystem.xml
+ kb-wb/objects/resources/SourceHRSystem.xml +
naming them +
- kb-wb/objects/resources/SourceTestHrmsSystem.xml and +
+ kb-wb/objects/resources/SourceTestHrmsSystem.xml +
kb-wb/objects/resources/SourceTestSisSystem.xml
- Import
From 57f54905280575ec3523e2add3f38e8094e9c9d3 Mon Sep 17 00:00:00 2001
From: Keith Hazelton <khazelton@gmail.com>
Date: Wed, 2 Aug 2023 11:42:05 -0500
Subject: [PATCH 040/126] Update grouper-midpoint-testing.adoc
---
grouper-midpoint-testing.adoc | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/grouper-midpoint-testing.adoc b/grouper-midpoint-testing.adoc
index 1f62f48..9c76612 100644
--- a/grouper-midpoint-testing.adoc
+++ b/grouper-midpoint-testing.adoc
@@ -53,7 +53,7 @@ naming them +
kb-wb/objects/resources/SourceTestHrmsSystem.xml +
kb-wb/objects/resources/SourceTestSisSystem.xml
-- Import
+- Import the csv files...
```
/home/csprootuser/COmanageMatchSampleData/Matched/hrms.csv
@@ -64,7 +64,7 @@ and
/home/csprootuser/COmanageMatchSampleData/Matched/sis.csv
```
-into a midPoint organization, ‘test’
+- ...into a midPoint organization, ‘test’
Provision LDAP accounts for each user (about 40,000 users)
From fe949727e8e2bbe4d9d158c3df782587825fc8c7 Mon Sep 17 00:00:00 2001
From: Keith Hazelton <khazelton@gmail.com>
Date: Wed, 2 Aug 2023 11:42:57 -0500
Subject: [PATCH 041/126] Update grouper-midpoint-testing.adoc
---
grouper-midpoint-testing.adoc | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/grouper-midpoint-testing.adoc b/grouper-midpoint-testing.adoc
index 9c76612..b6bc728 100644
--- a/grouper-midpoint-testing.adoc
+++ b/grouper-midpoint-testing.adoc
@@ -53,7 +53,7 @@ naming them +
kb-wb/objects/resources/SourceTestHrmsSystem.xml +
kb-wb/objects/resources/SourceTestSisSystem.xml
-- Import the csv files...
+==== Import the csv files...
```
/home/csprootuser/COmanageMatchSampleData/Matched/hrms.csv
@@ -64,7 +64,7 @@ and
/home/csprootuser/COmanageMatchSampleData/Matched/sis.csv
```
-- ...into a midPoint organization, ‘test’
+==== ...into a midPoint organization, ‘test’
Provision LDAP accounts for each user (about 40,000 users)
From e845e26c599899e3d3923417a17e1bd7f8d3b536 Mon Sep 17 00:00:00 2001
From: Keith Hazelton <khazelton@gmail.com>
Date: Wed, 2 Aug 2023 11:44:46 -0500
Subject: [PATCH 042/126] Update grouper-midpoint-testing.adoc
---
grouper-midpoint-testing.adoc | 10 +++++-----
1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/grouper-midpoint-testing.adoc b/grouper-midpoint-testing.adoc
index b6bc728..2ca217e 100644
--- a/grouper-midpoint-testing.adoc
+++ b/grouper-midpoint-testing.adoc
@@ -68,11 +68,6 @@ and
Provision LDAP accounts for each user (about 40,000 users)
-Then use Grouper loader jobs with LDAP as a subject source to put those users into two large reference groups:
- ref:test:hrms
-and
- ref:test:sis.
-
- The first line of .csv files should contain comma-delimited field names, for these test .csv files the field names are: +
sorid,given,surname,email,ph#,cntry-code,natID,occup,dept,RefID
@@ -86,6 +81,11 @@ Adding LDAP accounts for each user (about 40,000 users).
==== With Grouper
+Use Grouper loader jobs with LDAP as a subject source to put those users into two large reference groups:
+ ref:test:hrms
+and
+ ref:test:sis
+
- Create a 'test' reference folder and create groups 'test:hrms' and 'test:sis' under it
- Use Grouper loader jobs with LDAP as a subject source +
From bf18925b2dca3ccfad961f9562d57e3c507bb15d Mon Sep 17 00:00:00 2001
From: Keith Hazelton <khazelton@gmail.com>
Date: Wed, 2 Aug 2023 12:08:07 -0500
Subject: [PATCH 043/126] Update grouper-midpoint-testing.adoc
---
grouper-midpoint-testing.adoc | 36 +++++++++++++----------------------
1 file changed, 13 insertions(+), 23 deletions(-)
diff --git a/grouper-midpoint-testing.adoc b/grouper-midpoint-testing.adoc
index 2ca217e..e7ecb4d 100644
--- a/grouper-midpoint-testing.adoc
+++ b/grouper-midpoint-testing.adoc
@@ -53,7 +53,10 @@ naming them +
kb-wb/objects/resources/SourceTestHrmsSystem.xml +
kb-wb/objects/resources/SourceTestSisSystem.xml
-==== Import the csv files...
+==== Import the csv files below into the midPoint resources _SourceTestHrmsSystem_ and _SourceTestSisSystem_
+
+NOTE: The first line of .csv files should contain comma-delimited field names, for these test .csv files the field names are: +
+ sorid, given, surname, email, ph#, cntry-code, uid, occup, dept, RefID
```
/home/csprootuser/COmanageMatchSampleData/Matched/hrms.csv
@@ -66,42 +69,29 @@ and
==== ...into a midPoint organization, ‘test’
-Provision LDAP accounts for each user (about 40,000 users)
-
-- The first line of .csv files should contain comma-delimited field names, for these test .csv files the field names are: +
- sorid,given,surname,email,ph#,cntry-code,natID,occup,dept,RefID
-
-- Import the files below into the resources SourceTestHrmsSystem and SourceTestSisSystem
- /home/csprootuser/COmanageMatchSampleData/Matched/hrms.csv and
- /home/csprootuser/COmanageMatchSampleData/Matched/sis.csv
-into a midPoint organization, ‘test’.
-Adding LDAP accounts for each user (about 40,000 users).
+- Provision LDAP accounts for each user (about 40,000 users)
- Run reconciliation on a sample user and verify correctness of midPoint objects
-==== With Grouper
+- Run reconciliation on all the resource accounts
-Use Grouper loader jobs with LDAP as a subject source to put those users into two large reference groups:
- ref:test:hrms
-and
- ref:test:sis
+==== With Grouper
- Create a 'test' reference folder and create groups 'test:hrms' and 'test:sis' under it
-- Use Grouper loader jobs with LDAP as a subject source +
-Put those users into two large reference groups: +
- ref:test:hrms
-and +
+Use Grouper loader jobs with LDAP as a subject source to put all the imported users into two large reference groups:
+ ref:test:hrms
+and
ref:test:sis
-- Create a large number of small groups based on the last three digits of the
-‘natID’ attribute, +
+- To create a large number of small groups, take the last three digits of the
+‘uid' attribute, +
which is a string formatted as a US social security number: +
xxxx-xx-abcd
with this example natID, the user would be added to the group +
‘ref:test:bcd’
-- Loading all records Will create up to 1000 groups.
+- Loading all records this way Will create up to 1000 groups with an average of around 40 members.
.
From 34138601d1fcb64b78591f6c87ec0dc8a11b9ada Mon Sep 17 00:00:00 2001
From: Keith Hazelton <khazelton@gmail.com>
Date: Wed, 2 Aug 2023 12:54:34 -0500
Subject: [PATCH 044/126] Update grouper-midpoint-testing.adoc
---
grouper-midpoint-testing.adoc | 65 ++++++++++++++---------------------
1 file changed, 26 insertions(+), 39 deletions(-)
diff --git a/grouper-midpoint-testing.adoc b/grouper-midpoint-testing.adoc
index e7ecb4d..205904b 100644
--- a/grouper-midpoint-testing.adoc
+++ b/grouper-midpoint-testing.adoc
@@ -1,39 +1,35 @@
testGroups.adoc
- - -
-_2023-07-31 08:25:11 midPoint-Grouper test plan for large groups and large number of small groups_
+_2023-07-31 08:25:11 MidPoint-Grouper performance testing for large groups and large numbers of small groups_
-- Two sets of large csv files of test data are now available on khazelton.workbench.incommon.org in the gzipped file,
+==== Prerequisitea foe performance testing of midPoint - Grouper integration
-```
-COmanageMatchSampleData.tar.gz
-```
-
-To create a large number of small groups, create groups based on the last three digits of the ‘natID’ attribute, a string formatted as a US social security number: xxxx-xx-abcd, so with this example natID, the user would be added to the group ‘ref:test:bcd’. resulting in up to 1000 groups.
-
-Create a sudo-capable account to work with this data.
-
-ssh user@my.workbench.incommon.org
+- Createe your own test platform on a local instance of the Workbench, for example __my__.workbench.incommon.org
-If you want to grab the zipped archive of all the .csv files, use
- sudo scp /home/csprootuser/COmanageMatchSampleData.tar.gz
+- Create a sudo-capable account for this host. The simplest way is to add the newly created user to the wheel group.
-- - -
-_2023-07-31 10:59:07 setting up grouper / midpoint environment for large N groups and large N memberships_
+- Connect to the Workbench host:
+```
+ssh me@__my__.workbench.incommon.org
+```
-- Createe a test platform on a local instance of the Workbench,
+- 40,000-record csv files organized by affiliation were created by Benn Oshrin for COmange testing purposes. We have made two of them available as follows:
+```
+https://github.internet2.edu/internet2/iam-use-cases/blob/main/Matched/hrms.csv +
+https://github.internet2.edu/internet2/iam-use-cases/blob/main/Matched/sis.csv
+```
==== With midPoint 4.6
-- copy csv files to defined locations:
+- download the provided test csv files and move them to the defined locations:
```
-cp /home/csprootuser/COmanageMatchSampleData/Matched/hrms.csv Workbench/midpoint_server/container_files/csv/source-hrms.csv
-
-cp /home/csprootuser/COmanageMatchSampleData/Matched/sis.csv Workbench/midpoint_server/container_files/csv/source-sis.csv
+cp hrms.csv Workbench/midpoint_server/container_files/csv/source-hrms.csv
+cp sis.csv Workbench/midpoint_server/container_files/csv/source-sis.csv
```
-- Edit docker-compose.yml to bind these volumes into the container using +
+- Edit docker-compose.yml to bind these files into the container by adding the following to the existing list of bound volumes for midPoint +
```
...
@@ -47,26 +43,17 @@ cp /home/csprootuser/COmanageMatchSampleData/Matched/sis.csv Workbench/midpoint_
```
- Connect to the workbench instance using midPoint Studio
-- Model the resource definitions for source-hrms.csv and source-sis.csv on the existing workbench file +
- kb-wb/objects/resources/SourceHRSystem.xml +
+- Model the resource definitions for source-hrms.csv and source-sis.csv on the existing workbench file, +
+ {midPoint Studio workbench project}/objects/resources/SourceHRSystem.xml +
naming them +
- kb-wb/objects/resources/SourceTestHrmsSystem.xml +
- kb-wb/objects/resources/SourceTestSisSystem.xml
+ {midPoint Studio workbench project}/objects/resources/SourceTestHrmsSystem.xml +
+ {midPoint Studio workbench project}/objects/resources/SourceTestSisSystem.xml
-==== Import the csv files below into the midPoint resources _SourceTestHrmsSystem_ and _SourceTestSisSystem_
+==== Import the csv files below into the newly defined midPoint resources, _SourceTestHrmsSystem_ and _SourceTestSisSystem_
-NOTE: The first line of .csv files should contain comma-delimited field names, for these test .csv files the field names are: +
+NOTE: The first line of these .csv files contains comma-delimited field names, for these test .csv files the field names are: +
sorid, given, surname, email, ph#, cntry-code, uid, occup, dept, RefID
-```
-/home/csprootuser/COmanageMatchSampleData/Matched/hrms.csv
-```
-and
-
-```
-/home/csprootuser/COmanageMatchSampleData/Matched/sis.csv
-```
-
==== ...into a midPoint organization, ‘test’
- Provision LDAP accounts for each user (about 40,000 users)
@@ -75,11 +62,11 @@ and
- Run reconciliation on all the resource accounts
-==== With Grouper
+==== Switching over to Grouper-side setup
- Create a 'test' reference folder and create groups 'test:hrms' and 'test:sis' under it
-Use Grouper loader jobs with LDAP as a subject source to put all the imported users into two large reference groups:
+Use Grouper loader jobs with LDAP as a subject source to put all the imported users into one of two large reference groups of about 20,000 users each:
ref:test:hrms
and
ref:test:sis
@@ -88,7 +75,7 @@ and
‘uid' attribute, +
which is a string formatted as a US social security number: +
xxxx-xx-abcd
-with this example natID, the user would be added to the group +
+For example, with this example uid, the user would be added to the group +
‘ref:test:bcd’
- Loading all records this way Will create up to 1000 groups with an average of around 40 members.
From ed27d94d58c51553e9728dba7d4b5cc684fbb291 Mon Sep 17 00:00:00 2001
From: Keith Hazelton <khazelton@gmail.com>
Date: Wed, 2 Aug 2023 13:03:00 -0500
Subject: [PATCH 045/126] Update grouper-midpoint-testing.adoc
---
grouper-midpoint-testing.adoc | 16 ++++++++++------
1 file changed, 10 insertions(+), 6 deletions(-)
diff --git a/grouper-midpoint-testing.adoc b/grouper-midpoint-testing.adoc
index 205904b..b9a02e3 100644
--- a/grouper-midpoint-testing.adoc
+++ b/grouper-midpoint-testing.adoc
@@ -7,14 +7,16 @@ _2023-07-31 08:25:11 MidPoint-Grouper performance testing for large groups and l
- Createe your own test platform on a local instance of the Workbench, for example __my__.workbench.incommon.org
-- Create a sudo-capable account for this host. The simplest way is to add the newly created user to the wheel group.
+- SSH to the workbench host as user 'csprootuser'
-- Connect to the Workbench host:
+- Create a sudo-capable account for this host. The simplest way is to add a newly created user to the wheel group.
+
+- Connect to the Workbench host as the new user:
```
ssh me@__my__.workbench.incommon.org
```
-- 40,000-record csv files organized by affiliation were created by Benn Oshrin for COmange testing purposes. We have made two of them available as follows:
+- 40,000-record csv files organized by affiliation were created by Benn Oshrin for COmange testing purposes. We have initially made two of them available as follows:
```
https://github.internet2.edu/internet2/iam-use-cases/blob/main/Matched/hrms.csv +
https://github.internet2.edu/internet2/iam-use-cases/blob/main/Matched/sis.csv
@@ -26,7 +28,7 @@ https://github.internet2.edu/internet2/iam-use-cases/blob/main/Matched/sis.csv
```
cp hrms.csv Workbench/midpoint_server/container_files/csv/source-hrms.csv
-cp sis.csv Workbench/midpoint_server/container_files/csv/source-sis.csv
+cp sis.csv Workbench/midpoint_server/container_files/csv/source-sis.csv
```
- Edit docker-compose.yml to bind these files into the container by adding the following to the existing list of bound volumes for midPoint +
@@ -54,7 +56,7 @@ naming them +
NOTE: The first line of these .csv files contains comma-delimited field names, for these test .csv files the field names are: +
sorid, given, surname, email, ph#, cntry-code, uid, occup, dept, RefID
-==== ...into a midPoint organization, ‘test’
+==== Import...into a midPoint organization, ‘test’
- Provision LDAP accounts for each user (about 40,000 users)
@@ -62,7 +64,7 @@ NOTE: The first line of these .csv files contains comma-delimited field names, f
- Run reconciliation on all the resource accounts
-==== Switching over to Grouper-side setup
+==== Switching over to Grouper-side setup
- Create a 'test' reference folder and create groups 'test:hrms' and 'test:sis' under it
@@ -80,6 +82,8 @@ For example, with this example uid, the user would be added to the group +
- Loading all records this way Will create up to 1000 groups with an average of around 40 members.
+==== Proceed to do performance testing in this prepared Workbench instance
+
.
- - -
From fe01bc671046c0b972fd8151f7288a17bf37a0ea Mon Sep 17 00:00:00 2001
From: Keith Hazelton <khazelton@gmail.com>
Date: Wed, 2 Aug 2023 13:03:42 -0500
Subject: [PATCH 046/126] Update grouper-midpoint-testing.adoc
---
grouper-midpoint-testing.adoc | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/grouper-midpoint-testing.adoc b/grouper-midpoint-testing.adoc
index b9a02e3..6f6b9c2 100644
--- a/grouper-midpoint-testing.adoc
+++ b/grouper-midpoint-testing.adoc
@@ -82,7 +82,7 @@ For example, with this example uid, the user would be added to the group +
- Loading all records this way Will create up to 1000 groups with an average of around 40 members.
-==== Proceed to do performance testing in this prepared Workbench instance
+==== Proceed to do performance testing in this newly prepared Workbench instance
.
From c2b35dfe09a71075c4480045cec1c6a793968492 Mon Sep 17 00:00:00 2001
From: Keith Hazelton <khazelton@gmail.com>
Date: Wed, 2 Aug 2023 13:04:30 -0500
Subject: [PATCH 047/126] Update grouper-midpoint-testing.adoc
---
grouper-midpoint-testing.adoc | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/grouper-midpoint-testing.adoc b/grouper-midpoint-testing.adoc
index 6f6b9c2..9b0100c 100644
--- a/grouper-midpoint-testing.adoc
+++ b/grouper-midpoint-testing.adoc
@@ -5,7 +5,7 @@ _2023-07-31 08:25:11 MidPoint-Grouper performance testing for large groups and l
==== Prerequisitea foe performance testing of midPoint - Grouper integration
-- Createe your own test platform on a local instance of the Workbench, for example __my__.workbench.incommon.org
+- Createe your own test platform as a local instance of the Workbench, for example __my__.workbench.incommon.org
- SSH to the workbench host as user 'csprootuser'
From 86135e099609ec8fa731aa97d1a2356600ccb799 Mon Sep 17 00:00:00 2001
From: Keith Hazelton <khazelton@gmail.com>
Date: Wed, 2 Aug 2023 13:05:49 -0500
Subject: [PATCH 048/126] Update grouper-midpoint-testing.adoc
---
grouper-midpoint-testing.adoc | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/grouper-midpoint-testing.adoc b/grouper-midpoint-testing.adoc
index 9b0100c..621a010 100644
--- a/grouper-midpoint-testing.adoc
+++ b/grouper-midpoint-testing.adoc
@@ -5,7 +5,7 @@ _2023-07-31 08:25:11 MidPoint-Grouper performance testing for large groups and l
==== Prerequisitea foe performance testing of midPoint - Grouper integration
-- Createe your own test platform as a local instance of the Workbench, for example __my__.workbench.incommon.org
+- Createe your own test platform as a local instance of the Workbench, for example __my__.workbench.example.edu
- SSH to the workbench host as user 'csprootuser'
From 5a43f3336a18657788edec17256cd8234bf9cf26 Mon Sep 17 00:00:00 2001
From: Keith Hazelton <khazelton@gmail.com>
Date: Wed, 2 Aug 2023 13:06:46 -0500
Subject: [PATCH 049/126] Update grouper-midpoint-testing.adoc
---
grouper-midpoint-testing.adoc | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/grouper-midpoint-testing.adoc b/grouper-midpoint-testing.adoc
index 621a010..7ff5f32 100644
--- a/grouper-midpoint-testing.adoc
+++ b/grouper-midpoint-testing.adoc
@@ -13,7 +13,7 @@ _2023-07-31 08:25:11 MidPoint-Grouper performance testing for large groups and l
- Connect to the Workbench host as the new user:
```
-ssh me@__my__.workbench.incommon.org
+ssh me@__my__.workbench.example.edu
```
- 40,000-record csv files organized by affiliation were created by Benn Oshrin for COmange testing purposes. We have initially made two of them available as follows:
From 1e95016c2dab6b19332f8f2ea3c3509b4fdb3e16 Mon Sep 17 00:00:00 2001
From: Keith Hazelton <khazelton@gmail.com>
Date: Wed, 2 Aug 2023 13:07:59 -0500
Subject: [PATCH 050/126] Update grouper-midpoint-testing.adoc
---
grouper-midpoint-testing.adoc | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/grouper-midpoint-testing.adoc b/grouper-midpoint-testing.adoc
index 7ff5f32..83d14f9 100644
--- a/grouper-midpoint-testing.adoc
+++ b/grouper-midpoint-testing.adoc
@@ -16,7 +16,7 @@ _2023-07-31 08:25:11 MidPoint-Grouper performance testing for large groups and l
ssh me@__my__.workbench.example.edu
```
-- 40,000-record csv files organized by affiliation were created by Benn Oshrin for COmange testing purposes. We have initially made two of them available as follows:
+- 40,000-record csv files organized by affiliation were created by Benn Oshrin for COmange testing purposes. With thanks to the COmanage project, we have initially made two of them available as follows:
```
https://github.internet2.edu/internet2/iam-use-cases/blob/main/Matched/hrms.csv +
https://github.internet2.edu/internet2/iam-use-cases/blob/main/Matched/sis.csv
From af9ca1f49bfd4bc5ced0764393db6806723d3e79 Mon Sep 17 00:00:00 2001
From: Keith Hazelton <khazelton@gmail.com>
Date: Wed, 2 Aug 2023 13:10:43 -0500
Subject: [PATCH 051/126] Update grouper-midpoint-testing.adoc
---
grouper-midpoint-testing.adoc | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/grouper-midpoint-testing.adoc b/grouper-midpoint-testing.adoc
index 83d14f9..9b5c1c8 100644
--- a/grouper-midpoint-testing.adoc
+++ b/grouper-midpoint-testing.adoc
@@ -60,9 +60,9 @@ NOTE: The first line of these .csv files contains comma-delimited field names, f
- Provision LDAP accounts for each user (about 40,000 users)
-- Run reconciliation on a sample user and verify correctness of midPoint objects
+- Import a sample user and verify the correctness of midPoint objects
-- Run reconciliation on all the resource accounts
+- Import all the resource accounts
==== Switching over to Grouper-side setup
From fb0dc2ce5992366b06266ad7e8ce21c2f32d3320 Mon Sep 17 00:00:00 2001
From: Keith Hazelton <khazelton@gmail.com>
Date: Wed, 2 Aug 2023 17:41:40 -0500
Subject: [PATCH 052/126] MBProMax
---
grouper-midpoint-testing.adoc | 20 ++++++++++----------
1 file changed, 10 insertions(+), 10 deletions(-)
diff --git a/grouper-midpoint-testing.adoc b/grouper-midpoint-testing.adoc
index 9b5c1c8..0270bd9 100644
--- a/grouper-midpoint-testing.adoc
+++ b/grouper-midpoint-testing.adoc
@@ -3,9 +3,9 @@ testGroups.adoc
- - -
_2023-07-31 08:25:11 MidPoint-Grouper performance testing for large groups and large numbers of small groups_
-==== Prerequisitea foe performance testing of midPoint - Grouper integration
+==== Prerequisites for performance testing of midPoint - Grouper integration
-- Createe your own test platform as a local instance of the Workbench, for example __my__.workbench.example.edu
+- Create your own test platform as a local instance of the Workbench, for example {my}.workbench.example.edu'
- SSH to the workbench host as user 'csprootuser'
@@ -13,7 +13,7 @@ _2023-07-31 08:25:11 MidPoint-Grouper performance testing for large groups and l
- Connect to the Workbench host as the new user:
```
-ssh me@__my__.workbench.example.edu
+ssh me@{my}.workbench.example.edu
```
- 40,000-record csv files organized by affiliation were created by Benn Oshrin for COmange testing purposes. With thanks to the COmanage project, we have initially made two of them available as follows:
@@ -46,17 +46,17 @@ cp sis.csv Workbench/midpoint_server/container_files/csv/source-sis.csv
- Connect to the workbench instance using midPoint Studio
- Model the resource definitions for source-hrms.csv and source-sis.csv on the existing workbench file, +
- {midPoint Studio workbench project}/objects/resources/SourceHRSystem.xml +
+ {midPoint Studio workbench project} /objects/resources/SourceHRSystem.xml +
naming them +
- {midPoint Studio workbench project}/objects/resources/SourceTestHrmsSystem.xml +
- {midPoint Studio workbench project}/objects/resources/SourceTestSisSystem.xml
+ {midPoint Studio workbench project} /objects/resources/SourceTestHrmsSystem.xml
+ {midPoint Studio workbench project} /objects/resources/SourceTestSisSystem.xml
==== Import the csv files below into the newly defined midPoint resources, _SourceTestHrmsSystem_ and _SourceTestSisSystem_
-NOTE: The first line of these .csv files contains comma-delimited field names, for these test .csv files the field names are: +
- sorid, given, surname, email, ph#, cntry-code, uid, occup, dept, RefID
-
-==== Import...into a midPoint organization, ‘test’
+NOTE: The first line of these .csv files contains comma-delimited field names,
+ for these test .csv files the field names are: sorid, given, surname, email, ph#, cntry-code, uid, occup, dept, RefID
+
+==== Import into a midPoint organization, ‘test’
- Provision LDAP accounts for each user (about 40,000 users)
From 1fff151bc0c6933eabf0818cf1d00bffc754931a Mon Sep 17 00:00:00 2001
From: Keith Hazelton <khazelton@gmail.com>
Date: Wed, 2 Aug 2023 17:43:46 -0500
Subject: [PATCH 053/126] MBProMax
---
grouper-midpoint-testing.adoc | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/grouper-midpoint-testing.adoc b/grouper-midpoint-testing.adoc
index 0270bd9..7ece1a7 100644
--- a/grouper-midpoint-testing.adoc
+++ b/grouper-midpoint-testing.adoc
@@ -18,7 +18,7 @@ ssh me@{my}.workbench.example.edu
- 40,000-record csv files organized by affiliation were created by Benn Oshrin for COmange testing purposes. With thanks to the COmanage project, we have initially made two of them available as follows:
```
-https://github.internet2.edu/internet2/iam-use-cases/blob/main/Matched/hrms.csv +
+https://github.internet2.edu/internet2/iam-use-cases/blob/main/Matched/hrms.csv
https://github.internet2.edu/internet2/iam-use-cases/blob/main/Matched/sis.csv
```
@@ -55,7 +55,7 @@ naming them +
NOTE: The first line of these .csv files contains comma-delimited field names,
for these test .csv files the field names are: sorid, given, surname, email, ph#, cntry-code, uid, occup, dept, RefID
-
+
==== Import into a midPoint organization, ‘test’
- Provision LDAP accounts for each user (about 40,000 users)
From f72476fc02cdcef347d9e0ce8ded2aacbea190a5 Mon Sep 17 00:00:00 2001
From: Keith Hazelton <khazelton@gmail.com>
Date: Wed, 2 Aug 2023 17:48:18 -0500
Subject: [PATCH 054/126] Update grouper-midpoint-testing.adoc
---
grouper-midpoint-testing.adoc | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/grouper-midpoint-testing.adoc b/grouper-midpoint-testing.adoc
index 7ece1a7..d3c56e2 100644
--- a/grouper-midpoint-testing.adoc
+++ b/grouper-midpoint-testing.adoc
@@ -31,7 +31,7 @@ cp hrms.csv Workbench/midpoint_server/container_files/csv/source-hrms.csv
cp sis.csv Workbench/midpoint_server/container_files/csv/source-sis.csv
```
-- Edit docker-compose.yml to bind these files into the container by adding the following to the existing list of bound volumes for midPoint +
+- Edit Workbench/docker-compose.yml to bind these files into the container by adding the following to the existing list of bound volumes for midPoint +
```
...
@@ -43,7 +43,7 @@ cp sis.csv Workbench/midpoint_server/container_files/csv/source-sis.csv
target: /opt/midpoint/csv/source-hrms.csv
...
```
-- Connect to the workbench instance using midPoint Studio
+- Connect to the workbench instance using _midPoint Studio_
- Model the resource definitions for source-hrms.csv and source-sis.csv on the existing workbench file, +
{midPoint Studio workbench project} /objects/resources/SourceHRSystem.xml +
From 87681732321c6cb95f8de2a019e716ba5de4725d Mon Sep 17 00:00:00 2001
From: Keith Hazelton <khazelton@gmail.com>
Date: Thu, 3 Aug 2023 09:01:53 -0500
Subject: [PATCH 055/126] Update grouper-midpoint-testing.adoc
---
grouper-midpoint-testing.adoc | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/grouper-midpoint-testing.adoc b/grouper-midpoint-testing.adoc
index d3c56e2..2ffffee 100644
--- a/grouper-midpoint-testing.adoc
+++ b/grouper-midpoint-testing.adoc
@@ -45,10 +45,10 @@ cp sis.csv Workbench/midpoint_server/container_files/csv/source-sis.csv
```
- Connect to the workbench instance using _midPoint Studio_
-- Model the resource definitions for source-hrms.csv and source-sis.csv on the existing workbench file, +
+- Model the resource definitions for source-hrms and source-sis on the existing workbench file, +
{midPoint Studio workbench project} /objects/resources/SourceHRSystem.xml +
naming them +
- {midPoint Studio workbench project} /objects/resources/SourceTestHrmsSystem.xml
+ {midPoint Studio workbench project} /objects/resources/SourceTestHrmsSystem.xml +
{midPoint Studio workbench project} /objects/resources/SourceTestSisSystem.xml
==== Import the csv files below into the newly defined midPoint resources, _SourceTestHrmsSystem_ and _SourceTestSisSystem_
From 9e329e1fcf295149ef08c8a42b5ec959ac1267f3 Mon Sep 17 00:00:00 2001
From: Keith Hazelton <khazelton@gmail.com>
Date: Thu, 3 Aug 2023 20:27:06 -0500
Subject: [PATCH 056/126] Update grouper-midpoint-testing.adoc
---
grouper-midpoint-testing.adoc | 10 +++++++++-
1 file changed, 9 insertions(+), 1 deletion(-)
diff --git a/grouper-midpoint-testing.adoc b/grouper-midpoint-testing.adoc
index 2ffffee..59f71f5 100644
--- a/grouper-midpoint-testing.adoc
+++ b/grouper-midpoint-testing.adoc
@@ -58,6 +58,8 @@ NOTE: The first line of these .csv files contains comma-delimited field names,
==== Import into a midPoint organization, ‘test’
+*- Additional Steps detailed below -*
+
- Provision LDAP accounts for each user (about 40,000 users)
- Import a sample user and verify the correctness of midPoint objects
@@ -84,6 +86,12 @@ For example, with this example uid, the user would be added to the group +
==== Proceed to do performance testing in this newly prepared Workbench instance
-.
+==== Steps to be inserted at appropriate points in the above process
+
+*- Define the schema extensions needed for test HR and test SIS sources -*
+
+*- Create assignments to LDAP and to the Test Org in the schema handling section of the HR and SIS resource definition -*
+
+*- Run the import and reconcile tasks on the HR and SIS resources -*
- - -
From ed7e6dd42ed62fffc10b674031d422811b4f5f02 Mon Sep 17 00:00:00 2001
From: Keith Hazelton <khazelton@gmail.com>
Date: Thu, 3 Aug 2023 20:41:34 -0500
Subject: [PATCH 057/126] Update grouper-midpoint-testing.adoc
---
grouper-midpoint-testing.adoc | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/grouper-midpoint-testing.adoc b/grouper-midpoint-testing.adoc
index 59f71f5..94ae9f5 100644
--- a/grouper-midpoint-testing.adoc
+++ b/grouper-midpoint-testing.adoc
@@ -16,7 +16,7 @@ _2023-07-31 08:25:11 MidPoint-Grouper performance testing for large groups and l
ssh me@{my}.workbench.example.edu
```
-- 40,000-record csv files organized by affiliation were created by Benn Oshrin for COmange testing purposes. With thanks to the COmanage project, we have initially made two of them available as follows:
+- 40,000+ record csv files organized by affiliation were created by Benn Oshrin for COmange testing purposes. With thanks to the COmanage project, we have initially made two of them available as follows:
```
https://github.internet2.edu/internet2/iam-use-cases/blob/main/Matched/hrms.csv
https://github.internet2.edu/internet2/iam-use-cases/blob/main/Matched/sis.csv
@@ -60,7 +60,7 @@ NOTE: The first line of these .csv files contains comma-delimited field names,
*- Additional Steps detailed below -*
-- Provision LDAP accounts for each user (about 40,000 users)
+- Provision LDAP accounts for each of the 40,000+ users
- Import a sample user and verify the correctness of midPoint objects
@@ -70,7 +70,7 @@ NOTE: The first line of these .csv files contains comma-delimited field names,
- Create a 'test' reference folder and create groups 'test:hrms' and 'test:sis' under it
-Use Grouper loader jobs with LDAP as a subject source to put all the imported users into one of two large reference groups of about 20,000 users each:
+Use Grouper loader jobs with LDAP as a subject source to put all the imported users into one of two large reference groups of something over 40,000 users each:
ref:test:hrms
and
ref:test:sis
@@ -82,7 +82,7 @@ which is a string formatted as a US social security number: +
For example, with this example uid, the user would be added to the group +
‘ref:test:bcd’
-- Loading all records this way Will create up to 1000 groups with an average of around 40 members.
+- Loading all records this way Will create up to 1000 groups with an average of around 80 members.
==== Proceed to do performance testing in this newly prepared Workbench instance
From cc867b0d4b210bc86766e002ec8aff7bae3934cb Mon Sep 17 00:00:00 2001
From: Keith Hazelton <khazelton@gmail.com>
Date: Fri, 4 Aug 2023 07:24:17 -0500
Subject: [PATCH 058/126] Update grouper-midpoint-testing.adoc
---
grouper-midpoint-testing.adoc | 16 +++++-----------
1 file changed, 5 insertions(+), 11 deletions(-)
diff --git a/grouper-midpoint-testing.adoc b/grouper-midpoint-testing.adoc
index 94ae9f5..d8e1701 100644
--- a/grouper-midpoint-testing.adoc
+++ b/grouper-midpoint-testing.adoc
@@ -58,9 +58,11 @@ NOTE: The first line of these .csv files contains comma-delimited field names,
==== Import into a midPoint organization, ‘test’
-*- Additional Steps detailed below -*
+- Define the schema extensions needed for test HR and test SIS sources
-- Provision LDAP accounts for each of the 40,000+ users
+- Create assignments to LDAP and to the Test Org in the schema handling section of the HR and SIS resource definition
+
+- Run the import and reconcile tasks on the HR and SIS resources
- Import a sample user and verify the correctness of midPoint objects
@@ -84,14 +86,6 @@ For example, with this example uid, the user would be added to the group +
- Loading all records this way Will create up to 1000 groups with an average of around 80 members.
-==== Proceed to do performance testing in this newly prepared Workbench instance
-
-==== Steps to be inserted at appropriate points in the above process
-
-*- Define the schema extensions needed for test HR and test SIS sources -*
-
-*- Create assignments to LDAP and to the Test Org in the schema handling section of the HR and SIS resource definition -*
-
-*- Run the import and reconcile tasks on the HR and SIS resources -*
+==== Proceed to performance testing in this newly prepared Workbench instance
- - -
From 0ffe18df0d15a2b70c99dfbf87161318a90419a2 Mon Sep 17 00:00:00 2001
From: Keith Hazelton <khazelton@gmail.com>
Date: Fri, 4 Aug 2023 07:29:34 -0500
Subject: [PATCH 059/126] Update grouper-midpoint-testing.adoc
---
grouper-midpoint-testing.adoc | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/grouper-midpoint-testing.adoc b/grouper-midpoint-testing.adoc
index d8e1701..65bd95c 100644
--- a/grouper-midpoint-testing.adoc
+++ b/grouper-midpoint-testing.adoc
@@ -5,7 +5,7 @@ _2023-07-31 08:25:11 MidPoint-Grouper performance testing for large groups and l
==== Prerequisites for performance testing of midPoint - Grouper integration
-- Create your own test platform as a local instance of the Workbench, for example {my}.workbench.example.edu'
+- Create your own test platform as a local instance of the https://spaces.at.internet2.edu/display/TAPW/Build+the+TAP+Workbench+in+your+local+environment[Workbench], for example {my}.workbench.example.edu'
- SSH to the workbench host as user 'csprootuser'
From bc17e68faace7f883df2b7ccdca87baa43586eed Mon Sep 17 00:00:00 2001
From: Keith Hazelton <khazelton@gmail.com>
Date: Fri, 4 Aug 2023 07:32:12 -0500
Subject: [PATCH 060/126] Update grouper-midpoint-testing.adoc
---
grouper-midpoint-testing.adoc | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/grouper-midpoint-testing.adoc b/grouper-midpoint-testing.adoc
index 65bd95c..5349cfe 100644
--- a/grouper-midpoint-testing.adoc
+++ b/grouper-midpoint-testing.adoc
@@ -9,7 +9,7 @@ _2023-07-31 08:25:11 MidPoint-Grouper performance testing for large groups and l
- SSH to the workbench host as user 'csprootuser'
-- Create a sudo-capable account for this host. The simplest way is to add a newly created user to the wheel group.
+- Create a sudo-capable account for this host. The simplest way is to create a new user and add them to the wheel group.
- Connect to the Workbench host as the new user:
```
From ff81d58cdca881dba86e8bc31f5e4a7b5438ff02 Mon Sep 17 00:00:00 2001
From: Keith Hazelton <khazelton@gmail.com>
Date: Fri, 4 Aug 2023 07:33:39 -0500
Subject: [PATCH 061/126] Update grouper-midpoint-testing.adoc
---
grouper-midpoint-testing.adoc | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/grouper-midpoint-testing.adoc b/grouper-midpoint-testing.adoc
index 5349cfe..fba4501 100644
--- a/grouper-midpoint-testing.adoc
+++ b/grouper-midpoint-testing.adoc
@@ -3,7 +3,7 @@ testGroups.adoc
- - -
_2023-07-31 08:25:11 MidPoint-Grouper performance testing for large groups and large numbers of small groups_
-==== Prerequisites for performance testing of midPoint - Grouper integration
+==== Setting up a performance testing environment for midPoint - Grouper integration
- Create your own test platform as a local instance of the https://spaces.at.internet2.edu/display/TAPW/Build+the+TAP+Workbench+in+your+local+environment[Workbench], for example {my}.workbench.example.edu'
From bf048d88bc80c581e69224870b9c3ed0f2ffae77 Mon Sep 17 00:00:00 2001
From: Keith Hazelton <khazelton@gmail.com>
Date: Fri, 4 Aug 2023 08:04:37 -0500
Subject: [PATCH 062/126] Update grouper-midpoint-testing.adoc
---
grouper-midpoint-testing.adoc | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/grouper-midpoint-testing.adoc b/grouper-midpoint-testing.adoc
index fba4501..6c64d27 100644
--- a/grouper-midpoint-testing.adoc
+++ b/grouper-midpoint-testing.adoc
@@ -56,7 +56,7 @@ naming them +
NOTE: The first line of these .csv files contains comma-delimited field names,
for these test .csv files the field names are: sorid, given, surname, email, ph#, cntry-code, uid, occup, dept, RefID
-==== Import into a midPoint organization, ‘test’
+==== Import into a midPoint organization, ‘Test’
- Define the schema extensions needed for test HR and test SIS sources
From dde62a74ae9948338e9b5712d02544eb36ab310e Mon Sep 17 00:00:00 2001
From: Keith Hazelton <khazelton@gmail.com>
Date: Fri, 4 Aug 2023 08:20:14 -0500
Subject: [PATCH 063/126] Update grouper-midpoint-testing.adoc
---
grouper-midpoint-testing.adoc | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/grouper-midpoint-testing.adoc b/grouper-midpoint-testing.adoc
index 6c64d27..e7cb9f5 100644
--- a/grouper-midpoint-testing.adoc
+++ b/grouper-midpoint-testing.adoc
@@ -51,7 +51,7 @@ naming them +
{midPoint Studio workbench project} /objects/resources/SourceTestHrmsSystem.xml +
{midPoint Studio workbench project} /objects/resources/SourceTestSisSystem.xml
-==== Import the csv files below into the newly defined midPoint resources, _SourceTestHrmsSystem_ and _SourceTestSisSystem_
+==== Import the csv files below into the newly defined midPoint resources, _Source: HRMS System (large N)_ and _Source: SIS System (large N)_
NOTE: The first line of these .csv files contains comma-delimited field names,
for these test .csv files the field names are: sorid, given, surname, email, ph#, cntry-code, uid, occup, dept, RefID
From 019f249cae68bf05ea48dc93606e41a612f09ab2 Mon Sep 17 00:00:00 2001
From: Keith Hazelton <khazelton@gmail.com>
Date: Fri, 4 Aug 2023 08:20:50 -0500
Subject: [PATCH 064/126] Update grouper-midpoint-testing.adoc
---
grouper-midpoint-testing.adoc | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/grouper-midpoint-testing.adoc b/grouper-midpoint-testing.adoc
index e7cb9f5..05008d7 100644
--- a/grouper-midpoint-testing.adoc
+++ b/grouper-midpoint-testing.adoc
@@ -5,7 +5,7 @@ _2023-07-31 08:25:11 MidPoint-Grouper performance testing for large groups and l
==== Setting up a performance testing environment for midPoint - Grouper integration
-- Create your own test platform as a local instance of the https://spaces.at.internet2.edu/display/TAPW/Build+the+TAP+Workbench+in+your+local+environment[Workbench], for example {my}.workbench.example.edu'
+- Create your own test platform as a local instance of the https://spaces.at.internet2.edu/display/TAPW/Build+the+TAP+Workbench+in+your+local+environment[Workbench], for example, {my}.workbench.example.edu'
- SSH to the workbench host as user 'csprootuser'
From 474bb5e46b97d7b317d86a3cdad49ac4d28558cd Mon Sep 17 00:00:00 2001
From: Keith Hazelton <khazelton@gmail.com>
Date: Fri, 4 Aug 2023 08:23:34 -0500
Subject: [PATCH 065/126] Update grouper-midpoint-testing.adoc
---
grouper-midpoint-testing.adoc | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/grouper-midpoint-testing.adoc b/grouper-midpoint-testing.adoc
index 05008d7..472e0d8 100644
--- a/grouper-midpoint-testing.adoc
+++ b/grouper-midpoint-testing.adoc
@@ -16,7 +16,7 @@ _2023-07-31 08:25:11 MidPoint-Grouper performance testing for large groups and l
ssh me@{my}.workbench.example.edu
```
-- 40,000+ record csv files organized by affiliation were created by Benn Oshrin for COmange testing purposes. With thanks to the COmanage project, we have initially made two of them available as follows:
+- Twenty-six 40,000+ record csv files organized by affiliation were created by Benn Oshrin for COmange testing purposes. With thanks to the COmanage project, we have initially made two of them available as follows:
```
https://github.internet2.edu/internet2/iam-use-cases/blob/main/Matched/hrms.csv
https://github.internet2.edu/internet2/iam-use-cases/blob/main/Matched/sis.csv
From c5c9838f09fdec4e805933d23efac52e9f7c5fc8 Mon Sep 17 00:00:00 2001
From: Keith Hazelton <khazelton@gmail.com>
Date: Fri, 4 Aug 2023 08:25:34 -0500
Subject: [PATCH 066/126] Update grouper-midpoint-testing.adoc
---
grouper-midpoint-testing.adoc | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/grouper-midpoint-testing.adoc b/grouper-midpoint-testing.adoc
index 472e0d8..a0b2343 100644
--- a/grouper-midpoint-testing.adoc
+++ b/grouper-midpoint-testing.adoc
@@ -45,7 +45,7 @@ cp sis.csv Workbench/midpoint_server/container_files/csv/source-sis.csv
```
- Connect to the workbench instance using _midPoint Studio_
-- Model the resource definitions for source-hrms and source-sis on the existing workbench file, +
+- Model the resource definitions for source-hrms and source-sis on the existing csv resource file, +
{midPoint Studio workbench project} /objects/resources/SourceHRSystem.xml +
naming them +
{midPoint Studio workbench project} /objects/resources/SourceTestHrmsSystem.xml +
From 4caf9a8d1bf9fb2e44ff31154e9b924b3a427c2d Mon Sep 17 00:00:00 2001
From: Keith Hazelton <khazelton@gmail.com>
Date: Fri, 4 Aug 2023 08:27:58 -0500
Subject: [PATCH 067/126] Update grouper-midpoint-testing.adoc
---
grouper-midpoint-testing.adoc | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/grouper-midpoint-testing.adoc b/grouper-midpoint-testing.adoc
index a0b2343..07c82f4 100644
--- a/grouper-midpoint-testing.adoc
+++ b/grouper-midpoint-testing.adoc
@@ -79,8 +79,7 @@ and
- To create a large number of small groups, take the last three digits of the
‘uid' attribute, +
-which is a string formatted as a US social security number: +
- xxxx-xx-abcd
+which is a string formatted as a US social security number: _xxxx-xx-abcd_
For example, with this example uid, the user would be added to the group +
‘ref:test:bcd’
From cd0a9779c91c79f86596617c36c035b9932ffb8a Mon Sep 17 00:00:00 2001
From: Keith Hazelton <khazelton@gmail.com>
Date: Fri, 4 Aug 2023 08:29:09 -0500
Subject: [PATCH 068/126] Update grouper-midpoint-testing.adoc
---
grouper-midpoint-testing.adoc | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/grouper-midpoint-testing.adoc b/grouper-midpoint-testing.adoc
index 07c82f4..f630d0f 100644
--- a/grouper-midpoint-testing.adoc
+++ b/grouper-midpoint-testing.adoc
@@ -79,7 +79,7 @@ and
- To create a large number of small groups, take the last three digits of the
‘uid' attribute, +
-which is a string formatted as a US social security number: _xxxx-xx-abcd_
+which is a string formatted as a US social security number: _xxxx-xx-abcd_ +
For example, with this example uid, the user would be added to the group +
‘ref:test:bcd’
From 0f8f8445245f131d6a86e0541233a86cc71930d1 Mon Sep 17 00:00:00 2001
From: Keith Hazelton <khazelton@gmail.com>
Date: Fri, 4 Aug 2023 08:30:19 -0500
Subject: [PATCH 069/126] Update grouper-midpoint-testing.adoc
---
grouper-midpoint-testing.adoc | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/grouper-midpoint-testing.adoc b/grouper-midpoint-testing.adoc
index f630d0f..d3ec9c0 100644
--- a/grouper-midpoint-testing.adoc
+++ b/grouper-midpoint-testing.adoc
@@ -80,8 +80,7 @@ and
- To create a large number of small groups, take the last three digits of the
‘uid' attribute, +
which is a string formatted as a US social security number: _xxxx-xx-abcd_ +
-For example, with this example uid, the user would be added to the group +
- ‘ref:test:bcd’
+For example, with the above uid, the user would be added to the group _‘ref:test:bcd’_
- Loading all records this way Will create up to 1000 groups with an average of around 80 members.
From 2f95b939974a0e7bcc5c82f87dbeab10965e8c47 Mon Sep 17 00:00:00 2001
From: Keith Hazelton <khazelton@gmail.com>
Date: Fri, 4 Aug 2023 08:31:02 -0500
Subject: [PATCH 070/126] Update grouper-midpoint-testing.adoc
---
grouper-midpoint-testing.adoc | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/grouper-midpoint-testing.adoc b/grouper-midpoint-testing.adoc
index d3ec9c0..43a11e2 100644
--- a/grouper-midpoint-testing.adoc
+++ b/grouper-midpoint-testing.adoc
@@ -82,7 +82,7 @@ and
which is a string formatted as a US social security number: _xxxx-xx-abcd_ +
For example, with the above uid, the user would be added to the group _‘ref:test:bcd’_
-- Loading all records this way Will create up to 1000 groups with an average of around 80 members.
+- Loading all records this way will create up to 1000 groups with an average of around 80 members.
==== Proceed to performance testing in this newly prepared Workbench instance
From c6834be8cff562c7e2e52983d3688037bc16d033 Mon Sep 17 00:00:00 2001
From: Keith Hazelton <khazelton@gmail.com>
Date: Fri, 4 Aug 2023 08:31:45 -0500
Subject: [PATCH 071/126] Update grouper-midpoint-testing.adoc
---
grouper-midpoint-testing.adoc | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/grouper-midpoint-testing.adoc b/grouper-midpoint-testing.adoc
index 43a11e2..f93caf9 100644
--- a/grouper-midpoint-testing.adoc
+++ b/grouper-midpoint-testing.adoc
@@ -84,6 +84,6 @@ For example, with the above uid, the user would be added to the group _‘ref:te
- Loading all records this way will create up to 1000 groups with an average of around 80 members.
-==== Proceed to performance testing in this newly prepared Workbench instance
+==== Proceed to performance testing with this newly prepared Workbench instance
- - -
From 30d654375a917642d93433ef72eef663633832d8 Mon Sep 17 00:00:00 2001
From: Keith Hazelton <khazelton@gmail.com>
Date: Thu, 17 Aug 2023 23:03:21 -0500
Subject: [PATCH 072/126] Add files via upload
---
test-data-howto.adoc | 1705 ++++++++++++++++++++++++++++++++++++++++++
1 file changed, 1705 insertions(+)
create mode 100644 test-data-howto.adoc
diff --git a/test-data-howto.adoc b/test-data-howto.adoc
new file mode 100644
index 0000000..b3bb038
--- /dev/null
+++ b/test-data-howto.adoc
@@ -0,0 +1,1705 @@
+=== test-data-how-to.adoc
+- - -
+_2023-08-16 18:10:25 success importing a small sample of the csv SIS file_
+
+*- CSV connector How-to: Bring a new resource into a Worbench instance (example modified from The Book, Chapter 8, HR section) -*
+
+- Start with the small csv resource definition from Chapter 8 of the Book
+
+- hr.csv contents:
+```
+"empno","firstname","lastname"
+"001","Alice","Anderson"
+"002","Bob","Brown"
+```
+
+- Place the new comma-delimited hr.csv file in the proper place on the Workbench host
+```
+{Workbench Directory}/midpoint_server/container_files/mp-home/csv/hr.csv
+```
+- Replace {Workbench Directory} in the template with the path of the Workbench folder
+
+- Add the new .csv data file to the volume bind section of the midpoint_server segment of the docker-compose.yml file
+
+```
+ ...
+ midpoint_server:
+ ...
+ volumes:
+ - midpoint_home:/opt/midpoint/var
+ ...
+ - type: bind
+ source: ./midpoint_server/container_files/mp-home/csv/hr.csv
+ target: /opt/midpoint/csv/hr.csv
+ ...
+```
+
+*- The following template from Chapter 8 of THAE BOOK can be used to create your own simple inbound csv resource definition -*
+
+---
+```
+<?xml version="1.0" encoding="UTF-8"?>
+<!-- https://docs.evolveum.com/book/practical-identity-management-with-midpoint.html#08-obhject-templates
+ ~
+ ~ Copyright (c) 2010-2019 Evolveum
+ ~
+ ~ Licensed under the Apache License, Version 2.0 (the "License");
+ ~ you may not use this file except in compliance with the License.
+ ~ You may obtain a copy of the License at
+ ~
+ ~ http://www.apache.org/licenses/LICENSE-2.0
+ ~
+ ~ Unless required by applicable law or agreed to in writing, software
+ ~ distributed under the License is distributed on an "AS IS" BASIS,
+ ~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ ~ See the License for the specific language governing permissions and
+ ~ limitations under the License.
+ -->
+
+<resource oid="03c3ceea-78e2-11e6-954d-dfdfa9ace0cf"
+ xmlns="http://midpoint.evolveum.com/xml/ns/public/common/common-3"
+ xmlns:c="http://midpoint.evolveum.com/xml/ns/public/common/common-3"
+ xmlns:q="http://prism.evolveum.com/xml/ns/public/query-3"
+ xmlns:icfs="http://midpoint.evolveum.com/xml/ns/public/connector/icf-1/resource-schema-3"
+ xmlns:ri="http://midpoint.evolveum.com/xml/ns/public/resource/instance-3"
+ xmlns:ext="http://midpoint.evolveum.com/xml/ns/story/orgsync/ext"
+ xmlns:xsd="http://www.w3.org/2001/XMLSchema"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xmlns:icfc="http://midpoint.evolveum.com/xml/ns/public/connector/icf-1/connector-schema-3">
+
+ <name>HR System, Book ch 8</name>
+
+ <description>
+ HR resource using CSV connector. This is the HR feed (source) resource.
+ This is a sample used in the "Practical Identity Management with MidPoint"
+ book, chapter 8.
+ </description>
+
+ <connectorRef type="ConnectorType">
+ <filter>
+ <q:equal>
+ <q:path>c:connectorType</q:path>
+ <q:value>com.evolveum.polygon.connector.csv.CsvConnector</q:value>
+ </q:equal>
+ </filter>
+ </connectorRef>
+```
+* In the connectorConfiguration section
+** filepath should match the path defined in the docker-compose.yml for the target location of the bind element
+** {filename.csv} should be your .csv file name
+** uniqueAttribute should identify the field in the csv file that carries the unique identifier for each row
+
+```
+ <connectorConfiguration>
+ <!-- Configuration specific for the CSV connector -->
+ <icfc:configurationProperties
+ xmlns:icfccsvfile="http://midpoint.evolveum.com/xml/ns/public/connector/icf-1/bundle/com.evolveum.polygon.connector-csv/com.evolveum.polygon.connector.csv.CsvConnector">
+ <icfccsvfile:filePath>/opt/midpoint/csv/{filename.csv}</icfccsvfile:filePath>
+ <icfccsvfile:encoding>utf-8</icfccsvfile:encoding>
+ <icfccsvfile:fieldDelimiter>,</icfccsvfile:fieldDelimiter>
+ <icfccsvfile:multivalueDelimiter>;</icfccsvfile:multivalueDelimiter>
+ <icfccsvfile:uniqueAttribute>empno</icfccsvfile:uniqueAttribute>
+ </icfc:configurationProperties>
+ </connectorConfiguration>
+```
+- NOTE: The <schema> section that goes here will be added automatically
+ when the first connection to the resource takes place
+
+- The schema handling section should use the attribute names that match the "element" definitions in the auto-loaded schema section of the resource definition
+
+- Near the top of the schema handling section, the element for the unique attribute should look like this
+
+```
+ <schemaHandling>
+
+ <objectType>
+ <displayName>Default Account</displayName>
+ <default>true</default>
+ <objectClass>ri:AccountObjectClass</objectClass>
+ <attribute>
+ <ref>ri:empno</ref>
+ <displayName>Name (book hr empno)</displayName>
+ <limitations>
+ <minOccurs>0</minOccurs>
+ <access>
+ <read>true</read>
+ <add>true</add>
+ <modify>true</modify>
+ </access>
+ </limitations>
+ <inbound>
+ <target>
+ <path>$focus/employeeNumber</path>
+ </target>
+ </inbound>
+ </attribute>
+```
+- Now the rest of the attribute mappings
+
+```
+ <attribute>
+ <ref>ri:firstname</ref>
+ <displayName>First name</displayName>
+ <inbound>
+ <target>
+ <path>$focus/givenName</path>
+ </target>
+ </inbound>
+ </attribute>
+ <attribute>
+ <ref>ri:lastname</ref>
+ <displayName>Last name</displayName>
+ <inbound>
+ <target>
+ <path>$focus/familyName</path>
+ </target>
+ </inbound>
+ </attribute>
+ <activation>
+ <administrativeStatus>
+ <inbound/>
+ </administrativeStatus>
+ </activation>
+
+ <credentials>
+ <password>
+ <inbound>
+ <strength>weak</strength>
+ <expression>
+ <generate/>
+ </expression>
+ </inbound>
+ </password>
+ </credentials>
+ </objectType>
+
+ </schemaHandling>
+
+ <projection>
+ <assignmentPolicyEnforcement>none</assignmentPolicyEnforcement>
+ </projection>
+
+
+ <synchronization>
+ <objectSynchronization>
+ <enabled>true</enabled>
+```
+- The correlation element should look like this:
+
+```
+ <correlation>
+ <q:equal>
+ <q:path>employeeNumber</q:path>
+ <expression>
+ <path>$projection/attributes/empno</path>
+ </expression>
+ </q:equal>
+ </correlation>
+ <reaction>
+ <situation>linked</situation>
+ <synchronize>true</synchronize>
+ </reaction>
+ <reaction>
+ <situation>deleted</situation>
+ <synchronize>true</synchronize>
+ <action>
+ <handlerUri>http://midpoint.evolveum.com/xml/ns/public/model/action-3#deleteFocus</handlerUri>
+ </action>
+ </reaction>
+ <reaction>
+ <situation>unlinked</situation>
+ <synchronize>true</synchronize>
+ <action>
+ <handlerUri>http://midpoint.evolveum.com/xml/ns/public/model/action-3#link</handlerUri>
+ </action>
+ </reaction>
+ <reaction>
+ <situation>unmatched</situation>
+ <synchronize>true</synchronize>
+ <action>
+ <handlerUri>http://midpoint.evolveum.com/xml/ns/public/model/action-3#addFocus</handlerUri>
+ </action>
+ </reaction>
+ </objectSynchronization>
+ </synchronization>
+</resource>
+```
+- - -
+_2023-08-17 08:44:37 Import 50,000 users from source-sis-full.csv_
+
+*- process for importing large csv files into midPoint -*
+
+Bringing in the full test SIS population (50k) to midPoint Workbench
+
+Save the edited docker-compose.yml with data file binds: +
+/csp-tap/InCommonTAP-Examples-0816/Workbench/docker-compose.yml
+
+Save the contents of the ../csv directory
+
+```
+$ pwd
+/csp-tap/InCommonTAP-Examples/Workbench/midpoint_server/container_files/mp-home/csv
+
+ls -la
+-rw-r--r-- 1 csprootuser csprootuser 6826528 Aug 5 22:54 source-hrms.csv
+-rw-r--r-- 1 csprootuser csprootuser 8386727 Aug 5 22:54 source-sis.csv
+```
+
+*- Wipe all existing Workbench images and files and rebuild from repo -*
+
+```
+docker stop $(docker ps -a -q); docker rm $(docker ps -a -q); docker rmi $(docker images -q) --force; docker volume rm $(docker volume ls -q)
+```
+
+Replace downloaded ../csv with saved version
+
+Replace repo version of docker-compose.yml with saved version
+
+build and bring up the fresh Workbench
+```
+docker-compose up --build -d
+```
+
+Create a new (midpoint) project in midPoint Studio and edit the default configuration to point to the new Workbench host
+
+*- import source-sis-full.csv -*
+
+*Schema mapping and extension attributes*
+
+CSV MIDPOINT USER
+___ _____________
+sorid org
+given givenName
+surname familyName
+email emailAddress
+ph telephoneNumber
+cntry-code cntryCode
+unid uid
+occup title
+dept orgUnit
+refid rid
+
+59614 (closed) Last object processed: 641-64-5552 +
+8/17/23, 3:22:57 PM - +
+8/17/23, 5:05:57 PM (01:42:59.164)
+
+Import task incorporates synchronization process
+---
+
+- - -
+_2023-08-13 17:39:41 getting schema handling and synchronnization_
+
+With resource def containing only connector configuration, Schema and Capabilies are filled in when midpoint studio is used to upload and test the resourcecore of attribute schema after upload:
+
+core of resulting attribute schema pattern:
+
+```
+ <xsd:appinfo>
+ <a:displayName>email</a:displayName>
+ <a:displayOrder>190</a:displayOrder>
+ <ra:nativeAttributeName>email</ra:nativeAttributeName>
+ <ra:frameworkAttributeName>email</ra:frameworkAttributeName>
+ </xsd:appinfo>
+'''
+
+only the unique identifier has a frameworkattributename, __NAME__, that differs from the nativeAttributeName
+
+```
+ <xsd:appinfo>
+ <a:displayName>uid</a:displayName>
+ <a:displayOrder>100</a:displayOrder>
+ <ra:nativeAttributeName>uid</ra:nativeAttributeName>
+ <ra:frameworkAttributeName>__NAME__</ra:frameworkAttributeName>
+ </xsd:appinfo>
+```
+
+Give all users the ldap-basic role which will provision all users into LDAP
+
+Have Grouper treat LDAP as its subject source and create HRMS and SIS Grouper groups with loader jobs
+
+- - -
+_2023-08-09 14:12:00 Start w new workbench: mP 4.7.1 and Grouper 4.5.2_
+
+csv files already in ~/
+
+cd /csp-tap; git clone https://github.internet2.edu/internet2/InCommonTAP-Examples.git
+
+*- access in browser and in midPoint Studio -*
+
+- large N csv files copied into proper location: mp-home/csv Double check match of csv resource config and location of actual csv files in the container
+
+- - -
+_2023-08-06 08:50:19 complete large n resource definitions_
+
+==== model on the original small hr csv resource in the Workbench
+
+
+mPUsr
+org,
+givenName,
+familyName,
+emailAddress,
+telephoneNumber,
+cntryCode,
+uid,
+title,
+orgUnit,
+rid
+
+https://docs.evolveum.com/midpoint/reference/schema/custom-schema-extension/[] +
+
+- - -
+_2023-08-05 11:26:42 complete import of large csv hrms and sis files into mP and provision to LDAP_
+
+*- host -*
+
+```
+[csprootuser@ip-172-31-62-244 container_files]$ pwd
+/csp-tap/InCommonTAP-Examples/Workbench/midpoint_server/container_files
+
+[csprootuser@ip-172-31-62-244 container_files]$ ls -la mp-home/csv
+total 0
+drwxrwxr-x 2 csprootuser csprootuser 6 Aug 5 21:45 .
+drwxrwxr-x 8 csprootuser csprootuser 244 Aug 5 21:45 ..
+
+*- move host csv files into placce -*
+
+```
+[csprootuser@ip-172-31-62-244 container_files]$ pwd
+/csp-tap/InCommonTAP-Examples/Workbench/midpoint_server/container_files/mp-home/csv
+
+ls -la
+-rw-r--r-- 1 csprootuser csprootuser 6826528 Aug 5 22:54 source-hrms.csv
+-rw-r--r-- 1 csprootuser csprootuser 8386727 Aug 5 22:54 source-sis.csv
+```
+
+
+```
+
+*- container -*
+
+```
+root@77cd6546e2bd midpoint]# ls -la /opt/midpoint/var
+total 36
+drwxr-xr-x 14 root root 4096 Aug 5 20:56 .
+drwxr-xr-x 1 root root 17 Jul 26 20:14 ..
+-rw-rw-r-- 1 root root 2571 Aug 5 20:24 config.xml
+-rw-r----- 1 root root 2746 Aug 5 20:56 cs-portal.csv
+drwxr-x--- 2 root root 6 Aug 5 20:29 export
+-rw-r----- 1 root root 1461 Aug 5 20:56 faculty-portal.csv
+drwxrwxr-x 2 root root 245 Aug 5 20:28 icf-connectors
+```
+
+*- create ../var/csv to hold the test hrms and sis files -*
+
+*- correct the volume section of the midpoint configuration host docker-compose.yml -*
+
+```
+
+$ ls -la ~/csp-tap/InCommonTAP-Examples/Workbench
+
+-rw-r--r-- 1 csprootuser csprootuser 6826528 Aug 3 22:51 source-hrms.csv
+-rw-r--r-- 1 csprootuser csprootuser 8386727 Aug 3 22:26 source-sis.csv
+
+ - type: bind
+ source: ./midpoint_server/container_files/mp-home/csv/source-hrms.csv
+ target: /opt/midpoint/var/csv/source-hrms.csv
+ - type: bind
+ source: ./midpoint_server/container_files/mp-home/csv/source-sis.csv
+ target: /opt/midpoint/var/csv/source-sis.csv
+
+```
+
+*- move host csv files into placce -*
+
+```
+[csprootuser@ip-172-31-62-244 container_files]$ pwd
+/csp-tap/InCommonTAP-Examples/Workbench/midpoint_server/container_files/mp-home/csv
+
+ls -la
+-rw-r--r-- 1 csprootuser csprootuser 6826528 Aug 5 22:54 source-hrms.csv
+-rw-r--r-- 1 csprootuser csprootuser 8386727 Aug 5 22:54 source-sis.csv
+```
+
+- - -
+_2023-08-02 09:55:55 midPoint tree in Workbench_
+
+```
+├── midpoint_server
+
+ ├── container_files
+
+ ├── csv
+ ├── source-hr.csv
+ ├── source-hrms.csv
+ └── source-sis.csv
+
+ ├── httpd
+ ├── 00-shib.conf
+ ├── host-cert.pem
+ ├── host-key.pem
+ ├── midpoint-shib.conf
+ └── vhosts.conf
+ ├── mp-home
+ <-<-<-<-<-<-<-<-<-<-<
+ ├── mp-home
+
+ ├── config.xml
+ ├── cs-portal.csv
+ ├── faculty-portal.csv
+ ├── faculty-portal.csv
+ ├── faculty-portal.csv
+ ├── icf-connectors
+ ├── connector-grouper-1.0-SNAPSHOT.jar
+ ├── connector-rest-wordpress-.23-SNAPSHOT.jar
+ ├── connector-sympa-1.0.2-connector.jar
+ └── net.tirasa.connid.bundles.db.scriptedsql-2.2.6-SNAPSHOT.jar
+
+ └──lib
+ ├── mariadb-java-client-3.0.6.jar
+ └── mysql-connector-java-8.0.30.jar
+
+ ├── mailing-lists.csv
+
+ ├── post-initial-objects
+ ├── archetypes
+ ├── bulkActions
+ ├── functionLibraries
+ ├── objectTemplates
+ ├── ordering.txt
+ ├── orgs
+ ├── resources
+ ├── roles
+ ├── securityPolicy
+ ├── systemConfigurations
+ ├── tasks
+ ├── users
+ └── valuePolicies
+
+ ├── res
+ └── sis-persons
+
+ ├── schema
+ └── internet2.xsd
+ ├── source-external.csv
+ └── staff-portal.csv
+
+->->->->->->->->->->->->->->
+
+ ├── shibboleth
+
+ ├── attribute-map.xml
+ ├── idp-metadata.xml
+ ├── shibboleth2.xml
+ ├── shibd.logger
+ ├── sp-encrypt-cert.pem
+ ├── sp-encrypt-key.pem
+ ├── sp-signing-cert.pem
+ └── sp-signing-key.pem
+
+ └── system
+ └── setservername.sh
+
+ └── Dockerfile
+```
+
+- - -
+_2023-02-19 12:25:54 set up linode for Workbench on Ubuntu 22.04_
+
+*- add user kh, create group wheel add kh to wheel and sudo -*
+
+*- install Java (17) -*
+
+*- install docker and docker-compose -*
+
+*- add user kh, mkdir ~/home/kh, mkdir opt, cd opt -*
+
+*- git clone https://github.internet2.edu/internet2/InCommonTAP-Examples/tree/main/Workbench -*
+
+*- cd ~/opt/InCommonTAP-Examples, docker-compose up -d --build -*
+
+- - -
+_2023-05-25 17:13:53 test csv resource with mP 4.7 on xps_
+
+cat /csp-tap/InCommonTAP-Examples/Workbench/midpoint_server/container_files/mp-home/source-external.csv
+
+uid,firstname,lastname,department,mail,validFrom,validTo
+E300001,John,Smith,External,xjsmith@example.com,1/1/2018,12/31/9999
+E300002,Alice,Anderson,External,xaanderson@example.com,3/15/2016,12/31/9999
+E300003,Ellen,Johnson,External,xejohnson@example.com,10/1/2019,12/31/2019
+E300004,Ron,Vasquez,External,xrvasquez@example.com,1/1/2019,10/31/2019
+
+/opt/midpoint/csv/source-external.csv <- path in csv connector config
+
+/Workbench/midpoint_server/container_files/csv/source-hr.csv
+
+- - -
+_2023-02-19 10:01:52 https://techviewleo.com/enable-epel-remi-repos-rocky-linux/_
+
+- - -
+_2023-02-17 20:45:20 install workbench on aktis.org_
+
+```
+https://geekscircuit.com/install-docker-docker-compose-on-rocky-linux/
+
+cd ~/opt
+git clone https://github.internet2.edu/internet2/InCommonTAP-Examples.git
+cd InCommonTAP-Examples/Workbench
+```
+
+- - -
+_2023-02-15 15:49:03 make comanage_data guest db accessible from workbench_
+
+vim ../Workbench/docker-compose.yml
+
+- - -
+_2023-02-15 15:29:48 work w PaulC provided khazelton.workbench.incommon.org_
+
+ssh khazelton@khazelton.workbench.incommon.org +
+csprootuser T3s...3!
+
+inc workbench directory structure
+
+```
+pwd
+cd /csp-tap/InCommonTAP-Examples/Workbench
+
+ls -la
+total 104
+drwxr-xr-x 25 csprootuser root 4096 Feb 9 02:18 .
+drwxr-xr-x 9 csprootuser root 129 Feb 8 18:51 ..
+-rw-r--r-- 1 csprootuser root 663 Feb 8 18:51 add-ref-groups.gsh
+-rwxr-xr-x 1 csprootuser root 95 Feb 8 18:51 add-ref-groups.sh
+-rwxr-xr-x 1 csprootuser root 323 Feb 8 18:51 after-installation.sh
+drwxr-xr-x 2 csprootuser root 22 Feb 8 18:51 cloudformation
+drwxr-xr-x 3 csprootuser root 47 Feb 8 18:51 comanage
+drwxr-xr-x 3 csprootuser root 47 Feb 8 18:51 comanage_cron
+drwxr-xr-x 3 csprootuser root 47 Feb 8 18:51 comanage_data
+drwxr-xr-x 3 csprootuser root 47 Feb 8 18:51 comanage_midpoint_data
+drwxr-xr-x 6 csprootuser root 70 Feb 8 18:51 configs-and-secrets
+-rw-r--r-- 1 csprootuser root 2025 Feb 8 18:51 create-ref-loaders.gsh
+-rwxr-xr-x 1 csprootuser root 100 Feb 8 18:51 create-ref-loaders.sh
+drwxr-xr-x 3 csprootuser root 47 Feb 8 18:51 directory
+-rw-r--r-- 1 csprootuser root 18646 Feb 8 18:51 docker-compose.yml
+-rw-r--r-- 1 csprootuser root 57 Feb 8 18:51 .env
+-rwxr-xr-x 1 csprootuser root 92 Feb 8 18:51 get-import-sis-persons-status.sh
+drwxr-xr-x 2 csprootuser root 24 Feb 8 18:51 grouper_daemon
+drwxr-xr-x 3 csprootuser root 47 Feb 8 18:51 grouper_data
+drwxr-xr-x 3 csprootuser root 47 Feb 8 18:51 grouper_ui
+drwxr-xr-x 3 csprootuser root 47 Feb 8 18:51 grouper_ws
+drwxr-xr-x 4 csprootuser root 69 Feb 8 18:51 idp
+drwxr-xr-x 3 csprootuser root 47 Feb 8 18:51 idp_ui
+drwxr-xr-x 3 csprootuser root 47 Feb 8 18:51 idp_ui_api
+drwxr-xr-x 3 csprootuser root 19 Feb 8 18:51 midpoint-objects-manual
+drwxr-xr-x 3 csprootuser root 47 Feb 8 18:51 midpoint_server
+drwxr-xr-x 3 csprootuser root 47 Feb 8 18:51 mq
+-rwxr-xr-x 1 csprootuser root 61 Feb 8 18:51 purge-queue.sh
+-rw-r--r-- 1 csprootuser root 843 Feb 8 18:51 README.md
+-rwxr-xr-x 1 csprootuser root 161 Feb 8 18:51 recompute.sh
+drwxr-xr-x 2 csprootuser root 211 Feb 8 19:09 scripts
+-rwxr-xr-x 1 csprootuser root 49 Feb 8 18:51 show-queue-size.sh
+drwxr-xr-x 3 csprootuser root 47 Feb 8 18:51 sources
+-rwxr-xr-x 1 csprootuser root 932 Feb 8 18:51 ssh-tunnel-redir-fix.sh
+-rwxr-xr-x 1 csprootuser root 414 Feb 8 18:51 test-resources.sh
+drwxr-xr-x 3 csprootuser root 40 Feb 8 18:51 tests
+-rw-r--r-- 1 csprootuser root 437 Feb 8 18:51 update-bgasper-in-grouper.gsh
+-rwxr-xr-x 1 csprootuser root 107 Feb 8 18:51 update-bgasper-in-grouper.sh
+-rwxr-xr-x 1 csprootuser root 117 Feb 8 18:51 upload-async-update-task.sh
+-rwxr-xr-x 1 csprootuser root 115 Feb 8 18:51 upload-import-sis-persons.sh
+-rwxr-xr-x 1 csprootuser root 618 Feb 8 18:51 upload-objects.sh
+-rwxr-xr-x 1 csprootuser root 116 Feb 8 18:51 upload-recompute-users.sh
+-rwxr-xr-x 1 csprootuser root 126 Feb 8 18:51 upload-reconcile-grouper-groups.sh
+drwxr-xr-x 3 csprootuser root 47 Feb 8 18:51 webproxy
+drwxr-xr-x 2 csprootuser root 24 Feb 8 18:51 wordpress_data
+drwxr-xr-x 4 csprootuser root 69 Feb 8 18:51 wordpress_server
+
+- - -
+_2023-02-08 19:03:12 bring up cloned workbench from khazelton.workbench.incommon.org on wasabi_
+
+csprootuser T3s...3!
+
+inc workbench directory structure
+
+```
+pwd
+/csp-tap/InCommonTAP-Examples/Workbench
+
+[csprootuser@ip-172-31-34-254 Workbench]$ ls -la /
+total 16
+dr-xr-xr-x 20 root root 300 Feb 8 18:51 .
+dr-xr-xr-x 20 root root 300 Feb 8 18:51 ..
+-rw-r--r-- 1 root root 0 Feb 8 18:47 .autorelabel
+lrwxrwxrwx 1 root root 7 Sep 21 2020 bin -> usr/bin
+dr-xr-xr-x 4 root root 4096 Feb 8 18:49 boot
+drwxr-xr-x 3 csprootuser root 34 Feb 8 18:52 csp-tap
+drwxr-xr-x 14 root root 2860 Feb 8 18:47 dev
+drwxr-xr-x 3 root root 17 Feb 8 18:49 dl.fedoraproject.org
+drwxr-xr-x 87 root root 8192 Feb 8 18:51 etc
+drwxr-xr-x 4 root root 41 Feb 8 18:48 home
+lrwxrwxrwx 1 root root 7 Sep 21 2020 lib -> usr/lib
+lrwxrwxrwx 1 root root 9 Sep 21 2020 lib64 -> usr/lib64
+drwxr-xr-x 2 root root 6 Sep 21 2020 local
+drwxr-xr-x 2 root root 6 Apr 9 2019 media
+drwxr-xr-x 2 root root 6 Apr 9 2019 mnt
+drwxr-xr-x 5 root root 45 Feb 8 18:51 opt
+dr-xr-xr-x 534 root root 0 Feb 8 18:47 proc
+dr-xr-x--- 4 root root 117 Feb 8 18:51 root
+drwxr-xr-x 33 root root 1140 Feb 9 00:11 run
+lrwxrwxrwx 1 root root 8 Sep 21 2020 sbin -> usr/sbin
+drwxr-xr-x 2 root root 6 Apr 9 2019 srv
+dr-xr-xr-x 13 root root 0 Feb 9 00:03 sys
+drwxrwxrwt 8 root root 212 Feb 9 01:06 tmp
+drwxr-xr-x 13 root root 155 Sep 21 2020 usr
+drwxr-xr-x 20 root root 280 Feb 8 18:50 var
+
+cd /csp-tap/InCommonTAP-Examples/Workbench
+
+csprootuser@ip-172-31-34-254 Workbench]$ ls -la
+
+total 104
+drwxr-xr-x 25 csprootuser root 4096 Feb 9 00:46 .
+drwxr-xr-x 9 csprootuser root 129 Feb 8 18:51 ..
+-rw-r--r-- 1 csprootuser root 663 Feb 8 18:51 add-ref-groups.gsh
+-rwxr-xr-x 1 csprootuser root 95 Feb 8 18:51 add-ref-groups.sh
+-rwxr-xr-x 1 csprootuser root 323 Feb 8 18:51 after-installation.sh
+drwxr-xr-x 2 csprootuser root 22 Feb 8 18:51 cloudformation
+drwxr-xr-x 3 csprootuser root 47 Feb 8 18:51 comanage
+drwxr-xr-x 3 csprootuser root 47 Feb 8 18:51 comanage_cron
+drwxr-xr-x 3 csprootuser root 47 Feb 8 18:51 comanage_data
+drwxr-xr-x 3 csprootuser root 47 Feb 8 18:51 comanage_midpoint_data
+drwxr-xr-x 6 csprootuser root 70 Feb 8 18:51 configs-and-secrets
+-rw-r--r-- 1 csprootuser root 2025 Feb 8 18:51 create-ref-loaders.gsh
+-rwxr-xr-x 1 csprootuser root 100 Feb 8 18:51 create-ref-loaders.sh
+drwxr-xr-x 3 csprootuser root 47 Feb 8 18:51 directory
+-rw-r--r-- 1 csprootuser root 18646 Feb 8 18:51 docker-compose.yml
+-rw-r--r-- 1 csprootuser root 57 Feb 8 18:51 .env
+-rwxr-xr-x 1 csprootuser root 92 Feb 8 18:51 get-import-sis-persons-status.sh
+drwxr-xr-x 2 csprootuser root 24 Feb 8 18:51 grouper_daemon
+drwxr-xr-x 3 csprootuser root 47 Feb 8 18:51 grouper_data
+drwxr-xr-x 3 csprootuser root 47 Feb 8 18:51 grouper_ui
+drwxr-xr-x 3 csprootuser root 47 Feb 8 18:51 grouper_ws
+drwxr-xr-x 4 csprootuser root 69 Feb 8 18:51 idp
+drwxr-xr-x 3 csprootuser root 47 Feb 8 18:51 idp_ui
+drwxr-xr-x 3 csprootuser root 47 Feb 8 18:51 idp_ui_api
+drwxr-xr-x 3 csprootuser root 19 Feb 8 18:51 midpoint-objects-manual
+drwxr-xr-x 3 csprootuser root 47 Feb 8 18:51 midpoint_server
+drwxr-xr-x 3 csprootuser root 47 Feb 8 18:51 mq
+-rwxr-xr-x 1 csprootuser root 61 Feb 8 18:51 purge-queue.sh
+-rw-r--r-- 1 csprootuser root 843 Feb 8 18:51 README.md
+-rwxr-xr-x 1 csprootuser root 161 Feb 8 18:51 recompute.sh
+drwxr-xr-x 2 csprootuser root 211 Feb 8 19:09 scripts
+-rwxr-xr-x 1 csprootuser root 49 Feb 8 18:51 show-queue-size.sh
+drwxr-xr-x 3 csprootuser root 47 Feb 8 18:51 sources
+-rwxr-xr-x 1 csprootuser root 932 Feb 8 18:51 ssh-tunnel-redir-fix.sh
+-rwxr-xr-x 1 csprootuser root 414 Feb 8 18:51 test-resources.sh
+drwxr-xr-x 3 csprootuser root 40 Feb 8 18:51 tests
+-rw-r--r-- 1 csprootuser root 437 Feb 8 18:51 update-bgasper-in-grouper.gsh
+-rwxr-xr-x 1 csprootuser root 107 Feb 8 18:51 update-bgasper-in-grouper.sh
+-rwxr-xr-x 1 csprootuser root 117 Feb 8 18:51 upload-async-update-task.sh
+-rwxr-xr-x 1 csprootuser root 115 Feb 8 18:51 upload-import-sis-persons.sh
+-rwxr-xr-x 1 csprootuser root 618 Feb 8 18:51 upload-objects.sh
+-rwxr-xr-x 1 csprootuser root 116 Feb 8 18:51 upload-recompute-users.sh
+-rwxr-xr-x 1 csprootuser root 126 Feb 8 18:51 upload-reconcile-grouper-groups.sh
+drwxr-xr-x 3 csprootuser root 47 Feb 8 18:51 webproxy
+drwxr-xr-x 2 csprootuser root 24 Feb 8 18:51 wordpress_data
+drwxr-xr-x 4 csprootuser root 69 Feb 8 18:51 wordpress_server
+
+[csprootuser@ip-172-31-34-254 Workbench]$ cat after-installation.sh
+
+#!/bin/bash
+
+B='\033[1;33m'
+N='\033[0m'
+
+echo -e "${B} * Uploading objects...${N}"
+$(dirname "$0")/upload-objects.sh
+
+echo -e "${B} * Testing resources...${N}"
+$(dirname "$0")/test-resources.sh
+
+echo -e "${B} * Recomputing Grouper admin group and user object...${N}"
+$(dirname "$0")/recompute.sh
+
+echo -e "${B} * Done${N}"
+[csprootuser@ip-172-31-34-254 Workbench]$
+```
+upload-objects script uploads all
+
+
+*- bring up cloned workbench from khazelton.workbench.incommon.org on wasabi =*
+
+tar -czvf csp-tap.tar.gz csp-tap
+- - -
+_2023-02-08 12:59:00 PaulC revives khazelton.workbench.incommon.org_
+
+- - -
+_2022-12-19 13:39:33 develop plans for perf. analysis_
+
+Work with 'official' workbench instance (Thanks, PaulC):
+https://khazelton.workbench.incommon.org +
+ssh csprootuser@khazelton.workbench.incommon.org +
+T3sting123! +
+/csp-tap/InCommonTAP-Examples/Workbench
+
+created csp-tap.tar.gz and scp'd to MBProMax:~/opt/non.adoc/ +
+
+copy to aktis.org on Linode 48Gb; docker compose up,
+
+- - -
+_2022-12-14 08:56:13 performance analysis metrics_
+
+follow workbench local install steps: https://spaces.at.internet2.edu/x/NBh9Dg
+
+docker ps to show running containers
+
+*Import task* in midPoint admin screen open 'server tasks', 'import tasks', select 'SIS full import', 'Performance' for timing information
+
+then 'Internal performance'
+
+scroll page to 'Repository performance information', one row per type of repository operation
+
+scroll page to 'Methods performance information', one row per type of method call
+
+*Recomputation task*
+
+'server tasks', 'recomputation tasks', 'User recomputation', 'performance', 'internal performance' for timing information, see 'provisioning' and 'mapping' tables near bottom; Note User Template mapping role.'
+
+'Configuration', 'Object templates', 'User template', 'edit raw' (or drill down on elements)
+
+
+
+
+
+
+
+
+
+for operation and method details, see javadoc and schemadoc:
+
+https://evolveum.com/download/
+
+https://evolveum.com/download/4-6-baumgarten/, view or download
+
+- - -
+_2022-12-13 16:40:18 fresh install of TAP workbench on xps_
+
+```
+git clone https://github.internet2.edu/internet2/InCommonTAP-Examples.git
+cd Workbench
+docker-compose up --build -d
+```
+- - -
+_2022-10-05 19:15 workbench references and links_
+
+https://spaces.at.internet2.edu/display/TAPW
+ <- new users start here +
+https://github.internet2.edu/internet2/InCommonTAP-Examples/tree/main/Workbench +
+https://spaces.at.internet2.edu/display/MID/Grouper+integration+demo +
+
+- - -
+_2022-09-29 21:28 workbench build on aktis.org_
+
+
+https://spaces.at.internet2.edu/display/MID/Grouper+integration+demo
+
+- - -
+_2022-02-14 12:17 mP Studio to workbench on aktis.org_
+
+Studio connection config:
+name: Aktis +
+url: https://aktis.org/midpoint +
+ignore SSL errors: checked
+
+` mP v4.4 +
+` native postgres repo +
+
+- - -
+_2022-01-22 14:15 full workbench deployment on aktis.org_
+
+Theres a minor version upgrade on that city-fan.org rpm; Here’s the webproxy Dockerfile section that worked for me :*
+```
+#install updated curl (for --data-raw)
+RUN rpm -Uvh http://www.city-fan.org/ftp/contrib/yum-repo/rhel7/x86_64/city-fan.org-release-2-2.rhel7.noarch.rpm
+RUN yum-config-manager --enable city-fan.org
+RUN yum update curl -y
+```
+note release-2.2 instead of release-2.1 :*
+
+Also commented out the following in Workbench/comanage/Dockerfile; fixed build error and no detectable issues so far :*
+```
+#RUN yum -y update && yum -y install --setopt=tsflags=nodocs epel-release python-pip && pip install --upgrade pip
+```
+With the new Postgres-based midPoint repo, The workbench sql admin link no longer has access to mP data;
+DbSchema connection workaround: user midpoint pw WJzesbe3poNZ91qIbmR7
+
+
+- - -
+_2021-12-10 15:08 workbench w/o COmanage on xps_
+
+```
+kh@xps:~/opt/InCommonTAP-Examples-2021-06-18/Workbench$
+
+-rw-rw-r-- 1 kh kh 1293 Dec 10 14:38 comanage-doc-cmpse-snippet.yml <- saved excised bits
+-rw-rw-r-- 1 kh kh 14577 Dec 10 14:38 doc-cmpose-no-comanage.yml <- Workbench w/o COmanage
+
+docker-compose -f doc-cmpose-no-comanage.yml up --build -d
+```
+
+- - -
+_2021-10-24 11:55 workbench grouper db_
+
+```
+mysql -u root -h localhost
+
+Database changed
+MariaDB [grouper]> show tables;
++--------------------------------+
+| Tables_in_grouper |
++--------------------------------+
+| grouper_QZ_BLOB_TRIGGERS |
+| grouper_QZ_CALENDARS |
+| grouper_QZ_CRON_TRIGGERS |
+| grouper_QZ_FIRED_TRIGGERS |
+| grouper_QZ_JOB_DETAILS |
+| grouper_QZ_LOCKS |
+| grouper_QZ_PAUSED_TRIGGER_GRPS |
+| grouper_QZ_SCHEDULER_STATE |
+| grouper_QZ_SIMPLE_TRIGGERS |
+| grouper_QZ_SIMPROP_TRIGGERS |
+| grouper_QZ_TRIGGERS |
+| grouper_attr_asn_asn_attrdef_v |
+| grouper_attr_asn_asn_efmship_v |
+| grouper_attr_asn_asn_group_v |
+| grouper_attr_asn_asn_member_v |
+| grouper_attr_asn_asn_mship_v |
+| grouper_attr_asn_asn_stem_v |
+| grouper_attr_asn_attrdef_v |
+| grouper_attr_asn_efmship_v |
+| grouper_attr_asn_group_v |
+| grouper_attr_asn_member_v |
+| grouper_attr_asn_mship_v |
+| grouper_attr_asn_stem_v |
+| grouper_attr_assign_action |
+| grouper_attr_assign_action_set |
+| grouper_attr_assn_action_set_v |
+| grouper_attr_def_name_set_v |
+| grouper_attr_def_priv_v |
+| grouper_attribute_assign |
+| grouper_attribute_assign_value |
+| grouper_attribute_def |
+| grouper_attribute_def_name |
+| grouper_attribute_def_name_set |
+| grouper_attribute_def_scope |
+| grouper_audit_entry |
+| grouper_audit_entry_v |
+| grouper_audit_type |
+| grouper_aval_asn_asn_attrdef_v |
+| grouper_aval_asn_asn_efmship_v |
+| grouper_aval_asn_asn_group_v |
+| grouper_aval_asn_asn_member_v |
+| grouper_aval_asn_asn_mship_v |
+| grouper_aval_asn_asn_stem_v |
+| grouper_aval_asn_attrdef_v |
+| grouper_aval_asn_efmship_v |
+| grouper_aval_asn_group_v |
+| grouper_aval_asn_member_v |
+| grouper_aval_asn_mship_v |
+| grouper_aval_asn_stem_v |
+| grouper_cache_instance |
+| grouper_cache_overall |
+| grouper_change_log_consumer |
+| grouper_change_log_entry |
+| grouper_change_log_entry_temp |
+| grouper_change_log_entry_v |
+| grouper_change_log_type |
+| grouper_composites |
+| grouper_composites_v |
+| grouper_config |
+| grouper_ddl |
+| grouper_ddl_worker |
+| grouper_ext_subj |
+| grouper_ext_subj_attr |
+| grouper_ext_subj_invite_v |
+| grouper_ext_subj_v |
+| grouper_fields |
+| grouper_file |
+| grouper_group_set |
+| grouper_groups |
+| grouper_groups_v |
+| grouper_loader_log |
+| grouper_members |
+| grouper_memberships |
+| grouper_memberships_all_v |
+| grouper_memberships_lw_v |
+| grouper_memberships_v |
+| grouper_message |
+| grouper_mship_attrdef_lw_v |
+| grouper_mship_stem_lw_v |
+| grouper_password |
+| grouper_password_recently_used |
+| grouper_perms_all_v |
+| grouper_perms_assigned_role_v |
+| grouper_perms_role_subject_v |
+| grouper_perms_role_v |
+| grouper_pit_attr_asn_value_v |
+| grouper_pit_attr_assn_actn |
+| grouper_pit_attr_assn_actn_set |
+| grouper_pit_attr_assn_value |
+| grouper_pit_attr_def_name |
+| grouper_pit_attr_def_name_set |
+| grouper_pit_attribute_assign |
+| grouper_pit_attribute_def |
+| grouper_pit_config |
+| grouper_pit_fields |
+| grouper_pit_group_set |
+| grouper_pit_groups |
+| grouper_pit_members |
+| grouper_pit_memberships |
+| grouper_pit_memberships_all_v |
+| grouper_pit_memberships_lw_v |
+| grouper_pit_mship_attr_lw_v |
+| grouper_pit_mship_group_lw_v |
+| grouper_pit_mship_stem_lw_v |
+| grouper_pit_perms_all_v |
+| grouper_pit_perms_role_subj_v |
+| grouper_pit_perms_role_v |
+| grouper_pit_role_set |
+| grouper_pit_stems |
+| grouper_recent_mships_conf |
+| grouper_recent_mships_conf_v |
+| grouper_recent_mships_load_v |
+| grouper_role_set |
+| grouper_role_set_v |
+| grouper_roles_v |
+| grouper_rpt_composites_v |
+| grouper_rpt_group_field_v |
+| grouper_rpt_groups_v |
+| grouper_rpt_members_v |
+| grouper_rpt_roles_v |
+| grouper_rpt_stems_v |
+| grouper_rules_v |
+| grouper_service_role_v |
+| grouper_stem_set |
+| grouper_stem_set_v |
+| grouper_stems |
+| grouper_stems_v |
+| grouper_sync |
+| grouper_sync_group |
+| grouper_sync_job |
+| grouper_sync_log |
+| grouper_sync_member |
+| grouper_sync_membership |
+| grouper_table_index |
+| grouper_time |
+| subject |
+| subjectattribute |
++--------------------------------+
+137 rows in set (0.00 sec)
+
+MariaDB [grouper]> select * from subject limit 14;
+Empty set (0.01 sec)
+
+MariaDB [grouper]> select * from grouper_fields limit 14;
++----------------------------------+--------------------+----------------+--------------+-----------------+--------------------------+----------------------------------+
+| id | name | read_privilege | type | write_privilege | hibernate_version_number | context_id |
++----------------------------------+--------------------+----------------+--------------+-----------------+--------------------------+----------------------------------+
+| 00581a894b494eec9e93be4cdd891993 | admins | admin | access | admin | 0 | 9d3d6b5bd99143afb05dfd99561696b8 |
+| 0b3161a3680c48c1b722a72f8b1c40bc | optouts | update | access | update | 0 | b50240e5effa4361b71323e9d5c9a7bc |
+| 0de8af51ad544fa6a213732a8c542823 | attrViewers | attrAdmin | attributeDef | attrAdmin | 0 | 2e3af4d1b75e4c78be189244930a709d |
+| 0e40442e4ac243d794d04358325520bc | attrDefAttrReaders | attrAdmin | attributeDef | attrAdmin | 0 | 381e2cd6786d4d8e90d0f7d77b32da67 |
+| 255fc7e133054b878b2d4c01bfd93165 | stemAdmins | stemAdmin | naming | stemAdmin | 0 | 97a0cf8dcf0a43b3a94d50befcb1eb5c |
+| 305e62bf85884c37967eb98524fe57c2 | groupAttrReaders | admin | access | admin | 0 | 34764af8cdb4418c839cab5517db852a |
+| 3376e64ec7554ed19b3ba0b87f1f6171 | updaters | admin | access | admin | 0 | 7c217bb5a38d433380b588c1aff55199 |
+| 409d78778bd64cfabd29c95d722262cc | viewers | admin | access | admin | 0 | 1cd07b69154349adb196d7d377ec9700 |
+| 5505ba72967646d2a40c0c911be77dd9 | members | read | list | update | 0 | 15935366dcfe4055b4d9fdea6f2fd67b |
+| 6babafbabdda4ec6ba5386304c1879e0 | attrAdmins | attrAdmin | attributeDef | attrAdmin | 0 | 0fe8cd3b8e6d4c78b892b5e8dc3c6e65 |
+| 751c7601cf744b7480d4e3934e0ba11b | creators | stemAdmin | naming | stemAdmin | 0 | b68c0fbd145d4e0796951be3e554982f |
+| 777e45bfe8b444d981b5847f5b747666 | stemAttrUpdaters | stemAdmin | naming | stemAdmin | 0 | 83a836278c3a43d89da880722bab8321 |
+| 7b6fe32054c948c1bdb3c807e78ea7f0 | attrUpdaters | attrAdmin | attributeDef | attrAdmin | 0 | 743c6154207d406493efaa81e59ce450 |
+| 8c90a53d88db4b0682531fc757150c75 | attrOptouts | attrUpdate | attributeDef | attrUpdate | 0 | 22f55fe926be4fbaae91221ffee0a6b5 |
++----------------------------------+--------------------+----------------+--------------+-----------------+--------------------------+----------------------------------+
+14 rows in set (0.00 sec)
+
+MariaDB [grouper]> select * from grouper_stems limit 104;
++----------------------------------+----------------------------------+-----------------------------------------------------------------+-----------------------------------------------------------------+----------------------------------+---------------+----------------------------------+---------------+-------------------------------+-------------------------------+---------------------------------------------------------------------------------------------------------------------------------+------------------------+----------------+--------------------------+----------------------------------+----------+
+| id | parent_stem | name | display_name | creator_id | create_time | modifier_id | modify_time | display_extension | extension | description | last_membership_change | alternate_name | hibernate_version_number | context_id | id_index |
++----------------------------------+----------------------------------+-----------------------------------------------------------------+-----------------------------------------------------------------+----------------------------------+---------------+----------------------------------+---------------+-------------------------------+-------------------------------+---------------------------------------------------------------------------------------------------------------------------------+------------------------+----------------+--------------------------+----------------------------------+----------+
+| 014a2040fc904c3f951c1ca39420fc01 | 1460b18ad220413a8b10958132304f0f | org | org | fdcb408c3a6947af8998427de915554b | 1634338885378 | NULL | 0 | org | org | NULL | NULL | NULL | 0 | 38979be0d56c4a71b6b6d4f248160bdd | 10035 |
+| 01a4b89a238d4b4a8b454d2097a23c98 | 9c32917c44704f3482c15b2a21dae483 | etc:attribute:userData | etc:attribute:userData | fdcb408c3a6947af8998427de915554b | 1634338866726 | fdcb408c3a6947af8998427de915554b | 1634338866740 | userData | userData | folder for built in Grouper user data attributes | NULL | NULL | 1 | 6474b2b0ea324ed09e6386980aae1f70 | 10028 |
+| 0c771c8fc20c44ff9bea428de431c69a | 1460b18ad220413a8b10958132304f0f | basis | basis | fdcb408c3a6947af8998427de915554b | 1634338885076 | NULL | 0 | basis | basis | NULL | NULL | NULL | 0 | e42fd743bf454c9da6193f3a1afd623c | 10033 |
+| 1460b18ad220413a8b10958132304f0f | NULL | : | : | fdcb408c3a6947af8998427de915554b | 1634338856527 | NULL | 0 | : | : | NULL | NULL | NULL | 0 | NULL | 10000 |
+| 1c11cda521564c55a79edf33415f6672 | 9c32917c44704f3482c15b2a21dae483 | etc:attribute:attributeAutoCreate | etc:attribute:attributeAutoCreate | fdcb408c3a6947af8998427de915554b | 1634338859558 | fdcb408c3a6947af8998427de915554b | 1634338859578 | attributeAutoCreate | attributeAutoCreate | folder for attribute autocreate objects | NULL | NULL | 1 | 3b944866333c491ba94bc11dd400bc13 | 10009 |
+| 1edcbb78af7e4ed1a5b1603d8e66113f | f33f64d1396142b197743c7c63f0424b | etc:workflow | etc:workflow | fdcb408c3a6947af8998427de915554b | 1634338861348 | fdcb408c3a6947af8998427de915554b | 1634338861366 | workflow | workflow | folder for built in Grouper workflow attributes | NULL | NULL | 1 | 3d82f69836d545c198e47ab46e0cdd5f | 10017 |
+| 2af661d6825b4b489c22b073a51f3859 | 9c32917c44704f3482c15b2a21dae483 | etc:attribute:recentMemberships | etc:attribute:recentMemberships | fdcb408c3a6947af8998427de915554b | 1634338868207 | fdcb408c3a6947af8998427de915554b | 1634338868224 | recentMemberships | recentMemberships | folder for built in Grouper recent memberships objects | NULL | NULL | 1 | 6ba456a95c9440ef8877c9b5bbf859fe | 10030 |
+| 2bc1bb91da274980aa5754040a5a76a2 | f33f64d1396142b197743c7c63f0424b | etc:deprovisioning | etc:deprovisioning | fdcb408c3a6947af8998427de915554b | 1634338857873 | fdcb408c3a6947af8998427de915554b | 1634338857898 | deprovisioning | deprovisioning | folder for built in Grouper deprovisioning objects | NULL | NULL | 1 | 0f6604c953a246608bb1769849f78710 | 10003 |
+| 2c1543b8b0b04038ba944c7c78b9d49d | 52c8c0a28f8f46eea176d7f570da05ba | ref:dept | ref:dept | fdcb408c3a6947af8998427de915554b | 1634339551497 | NULL | 0 | dept | dept | NULL | NULL | NULL | 0 | 5cfc87334b544c869d95bfbf9324533d | 10052 |
+| 4512b03eb56541edab2301161070874d | f33f64d1396142b197743c7c63f0424b | etc:objectTypes | etc:objectTypes | fdcb408c3a6947af8998427de915554b | 1634338861066 | fdcb408c3a6947af8998427de915554b | 1634338861084 | objectTypes | objectTypes | folder for built in Grouper types objects | NULL | NULL | 1 | 7d87b11921a04b389a986a92757a34c6 | 10016 |
+| 49670d8066ce4494a60d9cd8006de8be | 9c32917c44704f3482c15b2a21dae483 | etc:attribute:entities | etc:attribute:entities | fdcb408c3a6947af8998427de915554b | 1634338867056 | fdcb408c3a6947af8998427de915554b | 1634338867074 | entities | entities | folder for built in Grouper entities attributes | NULL | NULL | 1 | 483ecd3a28664561b0473ee48ce85915 | 10029 |
+| 52c8c0a28f8f46eea176d7f570da05ba | 1460b18ad220413a8b10958132304f0f | ref | ref | fdcb408c3a6947af8998427de915554b | 1634338885705 | NULL | 0 | ref | ref | NULL | NULL | NULL | 0 | 5b460accd455492a85a93ce2c9cf1821 | 10037 |
+| 55b6131823804d19a40da15b6fc556f2 | f33f64d1396142b197743c7c63f0424b | etc:legacy | etc:legacy | fdcb408c3a6947af8998427de915554b | 1634338859484 | NULL | 0 | legacy | legacy | NULL | NULL | NULL | 0 | 5b4b76dfa46945dc8df85d660063b302 | 10006 |
+| 56212d6b7f574006bbc62b7ba18257fb | f33f64d1396142b197743c7c63f0424b | etc:grouperUi | etc:grouperUi | fdcb408c3a6947af8998427de915554b | 1634341563414 | NULL | 0 | grouperUi | grouperUi | NULL | NULL | NULL | 0 | 14ee0ec47510473f9cfc6402cc809921 | 10063 |
+| 5846ebcdd815468e8c0404a813b793d8 | dd73523792b7421fa0f349bb836ad1b1 | etc:attribute:messages:grouperMessageTopics | etc:attribute:messages:grouperMessageTopics | fdcb408c3a6947af8998427de915554b | 1634338860405 | fdcb408c3a6947af8998427de915554b | 1634338860425 | grouperMessageTopics | grouperMessageTopics | folder for message topics, add a permission here for a topic, imply queues by the topic | NULL | NULL | 1 | 53adc0c00e334a0ab2b51065e81510be | 10012 |
+| 5e10f8faf1d7454690efc2d421c55ff9 | f33f64d1396142b197743c7c63f0424b | etc:usdu | etc:usdu | fdcb408c3a6947af8998427de915554b | 1634338859254 | fdcb408c3a6947af8998427de915554b | 1634338859273 | usdu | usdu | folder for built in Grouper usdu objects | NULL | NULL | 1 | e79643256df3486a8a060f5124745489 | 10005 |
+| 5f7ebf561aae43f493670d8318df319d | f33f64d1396142b197743c7c63f0424b | etc:provisioning | etc:provisioning | fdcb408c3a6947af8998427de915554b | 1634338858891 | fdcb408c3a6947af8998427de915554b | 1634338858909 | provisioning | provisioning | folder to store attribute defs and names for provisioning in ui | NULL | NULL | 1 | 332d999ee7b241d4b90ee0d180338763 | 10004 |
+| 6676add5fbc545f483760fa62051a72d | 9c32917c44704f3482c15b2a21dae483 | etc:attribute:attrLoader | etc:attribute:attrLoader | fdcb408c3a6947af8998427de915554b | 1634338864732 | fdcb408c3a6947af8998427de915554b | 1634338864750 | attrLoader | attrLoader | folder for built in Grouper loader attributes | NULL | NULL | 1 | 78bb88f08fc24d29ad947840f72838e3 | 10022 |
+| 70179d3d43594d5eb4360c695c58ab8f | 7b57c6cc59004da3a32e3cc2d09873b7 | etc:attribute:instrumentationData:instrumentationDataInstances | etc:attribute:instrumentationData:instrumentationDataInstances | fdcb408c3a6947af8998427de915554b | 1634338866324 | fdcb408c3a6947af8998427de915554b | 1634338866338 | instrumentationDataInstances | instrumentationDataInstances | folder for Grouper instances | NULL | NULL | 1 | fa82194312634d31be8a5f8aeaf26e64 | 10026 |
+| 7805f6ecdaa94b1c8edee6307ce01448 | 1460b18ad220413a8b10958132304f0f | bundle | bundle | fdcb408c3a6947af8998427de915554b | 1634338885246 | NULL | 0 | bundle | bundle | NULL | NULL | NULL | 0 | 7ec9f0cf8cd14945889ba78cd9f05c66 | 10034 |
+| 7b57c6cc59004da3a32e3cc2d09873b7 | 9c32917c44704f3482c15b2a21dae483 | etc:attribute:instrumentationData | etc:attribute:instrumentationData | fdcb408c3a6947af8998427de915554b | 1634338866294 | fdcb408c3a6947af8998427de915554b | 1634338866309 | instrumentationData | instrumentationData | folder for built in Grouper instrumentation data attributes | NULL | NULL | 1 | 79ac1ee0b30c41078ec2e993237b4d6b | 10025 |
+| 7c3ead9716394dd5b1d665553d62b411 | f33f64d1396142b197743c7c63f0424b | etc:reportConfig | etc:reportConfig | fdcb408c3a6947af8998427de915554b | 1634338862536 | fdcb408c3a6947af8998427de915554b | 1634338862554 | reportConfig | reportConfig | folder for Grouper report config | NULL | NULL | 1 | 6b743da5e18e44a39b64450432afa3a3 | 10018 |
+| 7fb87d1ea78c4d7d8b05d755f96ebc5b | 837f5eb3402649fea5e6077c9fdfd1b0 | app:wordpress | app:wordpress | fdcb408c3a6947af8998427de915554b | 1634338887511 | NULL | 0 | wordpress | wordpress | NULL | NULL | NULL | 0 | 5cfef8378815412abb0131f2f81cfe9e | 10040 |
+| 81a1c073c1da471b8bf26ae7e4e005fb | 9c32917c44704f3482c15b2a21dae483 | etc:attribute:upgradeTasks | etc:attribute:upgradeTasks | fdcb408c3a6947af8998427de915554b | 1634338865856 | fdcb408c3a6947af8998427de915554b | 1634338865883 | upgradeTasks | upgradeTasks | folder for upgrade tasks objects | NULL | NULL | 1 | 51ddf240660344e284fc572e34f2e184 | 10024 |
+| 837f5eb3402649fea5e6077c9fdfd1b0 | 1460b18ad220413a8b10958132304f0f | app | app | fdcb408c3a6947af8998427de915554b | 1634338884634 | NULL | 0 | app | app | NULL | NULL | NULL | 0 | 6080bed7b10c4e60afac6df510f9df3a | 10032 |
+| 8ba2d52d5725439a89b4e7892e1188d0 | 9c32917c44704f3482c15b2a21dae483 | etc:attribute:attestation | etc:attribute:attestation | fdcb408c3a6947af8998427de915554b | 1634338860487 | fdcb408c3a6947af8998427de915554b | 1634338860503 | attestation | attestation | folder for built in Grouper attestation attributes | NULL | NULL | 1 | 8f78bb229dc24ff9b131da393d0b5434 | 10014 |
+| 8c7c8ac9004246688cd181c0c142ca70 | 1460b18ad220413a8b10958132304f0f | test | test | fdcb408c3a6947af8998427de915554b | 1634338885549 | NULL | 0 | test | test | NULL | NULL | NULL | 0 | 45138af0d2cb49ee806e155a9948ccaf | 10036 |
+| 91d0b37f0cc240088a08a9844f13f5c1 | 9c32917c44704f3482c15b2a21dae483 | etc:attribute:customUi | etc:attribute:customUi | fdcb408c3a6947af8998427de915554b | 1634338860905 | fdcb408c3a6947af8998427de915554b | 1634338860921 | customUi | customUi | folder for Grouper custom UI attributes | NULL | NULL | 1 | 1e69f11417e14daf84b2bbf27c225122 | 10015 |
+| 97dbe2ebdd2b4252a9996bd89a98848a | 55b6131823804d19a40da15b6fc556f2 | etc:legacy:attribute | etc:legacy:attribute | fdcb408c3a6947af8998427de915554b | 1634338859504 | fdcb408c3a6947af8998427de915554b | 1634338859520 | attribute | attribute | Folder for legacy attributes. Do not delete. | NULL | NULL | 1 | b40b236f3dc540b789298902ce29d3f4 | 10007 |
+| 9ac0d028bf5b4bd9b4284c7a065e7e63 | 52c8c0a28f8f46eea176d7f570da05ba | ref:affiliation | ref:affiliation | fdcb408c3a6947af8998427de915554b | 1634338886062 | NULL | 0 | affiliation | affiliation | NULL | NULL | NULL | 0 | b70577c94ad84c2895d68f82b7d902df | 10039 |
+| 9be16f90a959459eb3c1ab10c328f93b | dd73523792b7421fa0f349bb836ad1b1 | etc:attribute:messages:grouperMessageQueues | etc:attribute:messages:grouperMessageQueues | fdcb408c3a6947af8998427de915554b | 1634338860448 | fdcb408c3a6947af8998427de915554b | 1634338860469 | grouperMessageQueues | grouperMessageQueues | folder for message queues, add a permission here for a queue, implied queues by the topic | NULL | NULL | 1 | e52d894774fc4a819d0deee86a0a9e40 | 10013 |
+| 9c32917c44704f3482c15b2a21dae483 | f33f64d1396142b197743c7c63f0424b | etc:attribute | etc:attribute | fdcb408c3a6947af8998427de915554b | 1634338859538 | NULL | 0 | attribute | attribute | NULL | NULL | NULL | 0 | 0be82f44d8e6482d8854ee10e6a3010b | 10008 |
+| a35549a8c04f46d68def2766810e682b | 52c8c0a28f8f46eea176d7f570da05ba | ref:course | ref:course | fdcb408c3a6947af8998427de915554b | 1634338885867 | NULL | 0 | course | course | NULL | NULL | NULL | 0 | e19df33ec9ab495eb931d1f32b0cd9e1 | 10038 |
+| ac4d6965296a4b45a1cb31b95ffa262d | 9c32917c44704f3482c15b2a21dae483 | etc:attribute:permissionLimits | etc:attribute:permissionLimits | fdcb408c3a6947af8998427de915554b | 1634338864339 | fdcb408c3a6947af8998427de915554b | 1634338864359 | permissionLimits | permissionLimits | folder for built in Grouper permission limits | NULL | NULL | 1 | e6b1ef21ffe248a3849a319b39a3b85f | 10021 |
+| accc53ee36234bc5a4b67876d382e595 | 7b57c6cc59004da3a32e3cc2d09873b7 | etc:attribute:instrumentationData:instrumentationDataCollectors | etc:attribute:instrumentationData:instrumentationDataCollectors | fdcb408c3a6947af8998427de915554b | 1634338866353 | fdcb408c3a6947af8998427de915554b | 1634338866370 | instrumentationDataCollectors | instrumentationDataCollectors | folder for Grouper collectors | NULL | NULL | 1 | 3245755396314e12a4de7f80f3005b7a | 10027 |
+| b27a309d5e2b4a0291cc421ca4911f78 | 9c32917c44704f3482c15b2a21dae483 | etc:attribute:loaderLdap | etc:attribute:loaderLdap | fdcb408c3a6947af8998427de915554b | 1634338865090 | fdcb408c3a6947af8998427de915554b | 1634338865106 | loaderLdap | loaderLdap | folder for built in Grouper loader ldap attributes | NULL | NULL | 1 | ef95069f96ad4f15b0761648d239351f | 10023 |
+| bd7a98efa41f4bf3b0814f4a1d6bfc75 | 9c32917c44704f3482c15b2a21dae483 | etc:attribute:rules | etc:attribute:rules | fdcb408c3a6947af8998427de915554b | 1634338863675 | fdcb408c3a6947af8998427de915554b | 1634338863700 | rules | rules | folder for built in Grouper rules attributes | NULL | NULL | 1 | bf6e74daf89f48c792779b2a901c34da | 10020 |
+| d687641d7a794177a2e2d092f773bcfe | 837f5eb3402649fea5e6077c9fdfd1b0 | app:mailinglist | app:mailinglist | fdcb408c3a6947af8998427de915554b | 1634338888263 | NULL | 0 | mailinglist | mailinglist | NULL | NULL | NULL | 0 | 89b9e2d7b5f2461eaadc1754a03e8ef7 | 10041 |
+| dd73523792b7421fa0f349bb836ad1b1 | 9c32917c44704f3482c15b2a21dae483 | etc:attribute:messages | etc:attribute:messages | fdcb408c3a6947af8998427de915554b | 1634338860167 | fdcb408c3a6947af8998427de915554b | 1634338860191 | messages | messages | folder for message queues and topics, topic to queue relationships and permissions | NULL | NULL | 1 | 559972ebd6964d84a0bc0fedae698af4 | 10011 |
+| f2fee1cee0874093ab97a7217a2f16e8 | 9c32917c44704f3482c15b2a21dae483 | etc:attribute:attrExternalSubjectInvite | etc:attribute:attrExternalSubjectInvite | fdcb408c3a6947af8998427de915554b | 1634338859759 | fdcb408c3a6947af8998427de915554b | 1634338859776 | attrExternalSubjectInvite | attrExternalSubjectInvite | folder for built in external subject invite attributes, and holds the data via attributes for invites. Dont delete this folder | NULL | NULL | 1 | 1e814611f53e42fe8f364a8e6f23e3e4 | 10010 |
+| f33f64d1396142b197743c7c63f0424b | 1460b18ad220413a8b10958132304f0f | etc | etc | fdcb408c3a6947af8998427de915554b | 1634338857266 | NULL | 0 | etc | etc | NULL | NULL | NULL | 0 | 32ab050195cd4d44a963ec78e36a1399 | 10002 |
+| fadfdc6f3df04824b861fcdd1c093edb | 9c32917c44704f3482c15b2a21dae483 | etc:attribute:loaderMetadata | etc:attribute:loaderMetadata | fdcb408c3a6947af8998427de915554b | 1634338863428 | fdcb408c3a6947af8998427de915554b | 1634338863449 | loaderMetadata | loaderMetadata | folder for built in Grouper Loader Metadata attributes | NULL | NULL | 1 | 7dd430afcea44319b484546d203b4253 | 10019 |
++----------------------------------+----------------------------------+-----------------------------------------------------------------+-----------------------------------------------------------------+----------------------------------+---------------+----------------------------------+---------------+-------------------------------+-------------------------------+---------------------------------------------------------------------------------------------------------------------------------+------------------------+----------------+--------------------------+----------------------------------+----------+
+42 rows in set (0.00 sec)
+
+MariaDB [grouper]> describe grouper_stems;
++--------------------------+---------------+------+-----+---------+-------+
+| Field | Type | Null | Key | Default | Extra |
++--------------------------+---------------+------+-----+---------+-------+
+| id | varchar(40) | NO | PRI | NULL | |
+| parent_stem | varchar(40) | YES | MUL | NULL | |
+| name | varchar(255) | NO | UNI | NULL | |
+| display_name | varchar(255) | NO | MUL | NULL | |
+| creator_id | varchar(40) | NO | MUL | NULL | |
+| create_time | bigint(20) | NO | MUL | NULL | |
+| modifier_id | varchar(40) | YES | MUL | NULL | |
+| modify_time | bigint(20) | YES | MUL | NULL | |
+| display_extension | varchar(255) | NO | MUL | NULL | |
+| extension | varchar(255) | NO | MUL | NULL | |
+| description | varchar(1024) | YES | | NULL | |
+| last_membership_change | bigint(20) | YES | MUL | NULL | |
+| alternate_name | varchar(255) | YES | MUL | NULL | |
+| hibernate_version_number | bigint(20) | YES | | NULL | |
+| context_id | varchar(40) | YES | MUL | NULL | |
+| id_index | bigint(20) | NO | UNI | NULL | |
++--------------------------+---------------+------+-----+---------+-------+
+16 rows in set (0.00 sec)
+```
+
+
+- - -
+_2021-10-12 13:21 Workbench Wiki Site Map_
+
+https://spaces.at.internet2.edu/display/TAPW/InCommon+Trusted+Access+Platform+Workbench
+ <- Workbench Entrypoint link. *Start here* +
+https://spaces.at.internet2.edu/x/-IKeCg
+ <- Permanent link to Workbench Entrypoint +
+
+===== Links on that page:
+
+* "Curious to see what the workbench includes? Follow this link" https://spaces.at.internet2.edu/pages/viewpage.action?pageId=178160388"
+
+* "Launch your CSP Workbench Instance" https://spaces.at.internet2.edu/display/TAPW/Launch+Your+CSP+Workbench+Instance
+
+* "Choose from a graded selection of how-tos and case studies for the Workbench" https://spaces.at.internet2.edu/display/TAPW/Workbench+How-tos+and+Case+Studies
+
+** Starting simple
+
+*** The Workbench as a Realization of the TAP Reference Architecture
+
+** Basic Tasks
+
+*** "Connect a Student Information System to midPoint"
+
+*** "Configuring Near-Real Time Provisioning and DeProvisioning of Wordpress Administrators"
+
+** End-to-End Case Studies
+
+*** "See the Workbench Managing Access to Applications and Services" https://spaces.at.internet2.edu/display/MID/See+the+Workbench+Managing+Access+to+Applications+and+Services
+
+*** "Providing Identity and Access Management Services to Research Organizatiohn with COmanage" https://spaces.at.internet2.edu/display/TAPW/COmanage+Integration+and+Basic+Walkthrough
+
+.
+
+- - -
+_2021-09-29 11:00 More WB prep_
+
+Keith Hazelton 07:53
+
+Have a look at the current version of the Workbench wiki pages starting at
+https://spaces.at.internet2.edu/display/TAPW/InCommon+Trusted+Access+Platform+Workbench
+
+I’ve restructured the bottom half of the page in the hope that users will experience a smoother flow.
+
+To dig deeper, follow the three links near the bottom of that page, (edited)
+
+save links:
+https://spaces.at.internet2.edu/display/TAPW/COmanage+Integration+and+Basic+Walkthrough
+https://spaces.at.internet2.edu/display/TAPW/Workbench+Basic+Walkthrough
+
+
+The good mP admin walkthrough:
+Erin / Internet2 to Everyone (11:34)
+https://spaces.at.internet2.edu/display/MID/Getting+Started+with+the+InCommon+Trusted+Access+Platform+Workbench
+
+- - -
+
+CSP Work Bench CSPWB-53 Add a graded selection of how-to's and CSP case studies to the workbench
+Epic Link: WB How-tos and Tutorials
+In Progress
+
+- - -
+_2021-09-29 11:00 WB prep_
+
+https://spaces.at.internet2.edu/display/TAPW/InCommon+Trusted+Access+Platform+Workbench
+ <- Start here +
+
+On that page, there is a section called "Running Your Own Workbench Instance". The link "Workbench Repository" point to
+https://github.internet2.edu/internet2/InCommonTAP-Examples/tree/main/Workbench
+
+Under "Getting Started with the Workbench", there is a "Visit Canvas" link that goes to https://learning.internet2.edu/courses/72/pages/workbench. The "Resources" section there contains a link back to the initial page labeled 'start here' above. That could be confusing. I recommend ditching the "Resources" section and replacing with a link to a TBD page, "Getting familiar with the Workbench" with a selection of case study walk-throughs.
+
+Back on the start here page,
+https://spaces.at.internet2.edu/pages/viewpage.action?pageId=178160388
+ <- +
+Replace the "Getting +++<del>+++Started+++</del>+++ Familiar with the Various Uses of the Workbench" section, a link on that phrase that goes to the page with that title that has a graded selection of case study walk-throughs.
+
+"Getting Familiar with the Various Uses of the Workbench":
+
+- - -
+_2021-08-25 10:59 WB prep_
+
+Check getting started w Workbench wiki page ToC
+
+check CSP 2022 Calendar of Events gDoc
+
+30' overview of component, Slavek mP followed by related use case, Ethan UNC
+
+From MarkR on the 10th of August:
+
+"Folks - A quick update on the IAM Architecture Project. I am still working on narratives for two of the five use cases. My hope is to get the narratives finished and create the needed diagrams in the coming couple of weeks. Let me know there are comments or concerns."
+Let me know if you have additional questions or concerns."
+
+- - -
+_2021-08-18 13:15 WB prep_
+
+https://todos.internet2.edu/secure/RapidBoard.jspa?rapidView=157&selectedIssue=CSPWB-16
+
+https://spaces.at.internet2.edu/display/MID/Getting+Started+with+the+InCommon+Trusted+Access+Platform+Workbench
+
+- - -
+_2021-08-12 11:00 Future Evolution of Workbench_
+
+Let’s use this time to chat about the CSP workbench and changes for this program cycle:
+
+Review WB Wiki materials from last round.
+
+CSP Kickoff Sept. 16-17
+
+- Rolling it out earlier in the program
+- Documentation of features and cookbook (?)
++ Teaching users how to use it (after Grouper training) and explain where touchpoints are
+- What to share in Kick Off (demo?)
+- Timing for all of this loveliness
+
+Thanks, all! Erin
+
+- - -
+_2021-07-22 12:46 Workbench rebuilt, restarted on aktis.org_
+
+service [apache2, postgresql] stop <- free up ports 80, 443, and 5432 for Workbench use
+
+clean and build from scratch
+```
+docker stop $(docker ps -a -q); docker rm $(docker ps -a -q); docker rmi $(docker images -q) --force; docker volume rm $(docker volume ls -q)
+
+cd ~/opt
+rm -rf InCommonTAP-Examples-current
+git clone git@github.internet2.edu:internet2/InCommonTAP-Examples.git
+cp -r InCommonTAP-Examples InCommonTAP-Examples-current
+mv InCommonTAP-Examples InCommonTAP-Examples-2021-07-22
+cd InCommonTAP-Examples-current/Workbench
+docker-compose up -d --build
+
+kh@localhost:~/opt/InCommonTAP-Examples-current/Workbench$ docker ps
+CONTAINER ID IMAGE- COMMAND CREATED STATUS PORTS NAMES
+15950f873005 workbench_comanage-cron "docker-comanage-cro…" 12 minutes ago Up 12 minutes (healthy) 80/tcp, 443/tcp workbench_comanage-cron_1
+932a78f87942 workbench_idp "/usr/bin/startup.sh" 12 minutes ago Up 12 minutes (healthy) 0.0.0.0:13443->443/tcp workbench_idp_1
+5014dc8aa914 workbench_comanage "docker-supervisord-…" 12 minutes ago Up 12 minutes (healthy) 80/tcp, 8080/tcp, 0.0.0.0:11443->443/tcp workbench_comanage_1
+86087354949c workbench_midpoint_server "/usr/local/bin/star…" 12 minutes ago Up 12 minutes (healthy) 80/tcp, 0.0.0.0:10443->443/tcp workbench_midpoint_server_1
+bec3babd203d workbench_grouper_ws "/usr/local/bin/entr…" 12 minutes ago Up 12 minutes (healthy) 80/tcp, 0.0.0.0:9443->443/tcp workbench_grouper_ws_1
+e515f8b56d42 workbench_grouper_ui "/usr/local/bin/entr…" 12 minutes ago Up 12 minutes (healthy) 80/tcp, 0.0.0.0:8443->443/tcp workbench_grouper_ui_1
+714b318c2a41 workbench_grouper_daemon "/usr/local/bin/entr…" 12 minutes ago Up 12 minutes (healthy) 80/tcp, 443/tcp workbench_grouper_daemon_1
+ddb5d3dbbbb0 workbench_wordpress_server "bash -c 'if [ ! -s …" 12 minutes ago Up 12 minutes (healthy) 0.0.0.0:80->80/tcp, 0.0.0.0:12443->443/tcp workbench_wordpress_server_1
+95a8369f86ac workbench_idp_ui "/usr/bin/supervisor…" 12 minutes ago Up 12 minutes (healthy) 0.0.0.0:8080->8080/tcp, 8443/tcp workbench_idp_ui_1
+aef18a2368de workbench_directory "/bin/sh -c 'rm -rf …" 12 minutes ago Up 12 minutes (healthy) 0.0.0.0:389->389/tcp, 443/tcp workbench_directory_1
+949e2d9dd6f4 tier/mariadb:mariadb10 "/opt/bin/start.sh" 12 minutes ago Up 12 minutes (healthy) 0.0.0.0:33306->3306/tcp workbench_midpoint_data_1
+a8810afeb95c workbench_wordpress_data "docker-entrypoint.s…" 12 minutes ago Up 12 minutes (healthy) 0.0.0.0:32770->3306/tcp workbench_wordpress_data_1
+22f3f5dba832 tier/mariadb:mariadb10.2 "/opt/bin/start.sh" 12 minutes ago Up 12 minutes (healthy) 0.0.0.0:33366->3306/tcp workbench_idp_ui_data_1
+8e99a7bf9092 workbench_comanage_data "/opt/bin/start.sh" 12 minutes ago Up 12 minutes (healthy) 0.0.0.0:23306->3306/tcp workbench_comanage_data_1
+95f57c5926f7 workbench_grouper_data "/usr/local/bin/entr…" 12 minutes ago Up 12 minutes (healthy) 80/tcp, 443/tcp, 0.0.0.0:3306->3306/tcp workbench_grouper_data_1
+21e32571a6f9 workbench_mq "/usr/local/bin/demo…" 12 minutes ago Up 12 minutes (healthy) 4369/tcp, 5671/tcp, 0.0.0.0:5672->5672/tcp, 15671/tcp, 25672/tcp, 0.0.0.0:15672->15672/tcp workbench_mq_1
+8d90968c78ea workbench_webproxy "/usr/local/bin/star…" 12 minutes ago Up 12 minutes (healthy) 80/tcp, 0.0.0.0:443->443/tcp workbench_webproxy_1
+c5852f1236c9 workbench_sources "/opt/bin/start.sh" 12 minutes ago Up 12 minutes (healthy) 0.0.0.0:13306->3306/tcp workbench_sources_1
+kh@localhost:~/opt/InCommonTAP-Examples-current/Workbench$
+```
+
+~30 minutes from code clone to running Workbench
+
+- - -
+_2021-04-28 17:13 Workbench rebuilt, restarted on aktis.org_
+
+https://aktis.org/
+ <- Workbench jump page +
+
+- - -
+_2021-03-07 11:32 install CSP workbench on aktis.org_
+
+Success except that the midPoint server failed to start.
+
+edited Wordpress metadata to include hostname in SAML entityId
+
+SCIM use outbound howto: Jessica:
+
+ChrisHy
+
+AWS is connected by SCIM @ Penn groups, userinfo: name, email, id; to Sailpoint or to SQL; groups & memberships
+
+inconsistent support for Server capabilities
+
+Chris Hy: Grouper provision to mP via SCIM would be nice (but breaks the mP pull model)
+ " "
+ " "
+ v v
+SCIM 'client' SCIM 'server'
+
+```
+ssh into the AWS host and do a
+docker-compose down
+git pull
+docker-compose up --build -d
+and freshen your instance without losing data
+```
+- - -
+_2021-01-07 11:00 workB touchbase_
+
+Erin Murtha to Everyone (11:32)
+One sec
+Erin Murtha to Everyone (11:37)
+Sand bench names: https://docs.google.com/document/d/1lvqMdLlPR7n-hc25y2kSj0G_pPHWntU4To0jNNV9PsI/edit
+https://docs.google.com/document/d/1lvqMdLlPR7n-hc25y2kSj0G_pPHWntU4To0jNNV9PsI/edit <- Jump Page
+
+- - -
+_2020-12-10 11:20 meetup_
+
+Here’s the page Slavek put up on Nov. 24. It has details on the Shibbing of midPoint supporting a simple configuration switch between Shib and Evolveum’s own SAML SP solution:
+https://spaces.at.internet2.edu/display/MID/Shibboleth+demo
+ <- +
+
+https://docs.google.com/document/d/1FhPHPmaDo2-Co6vtWUJNjQ4hTlfRVPNNyOV3-RWQyH8/edit#heading=h.
+ <- kickoff agenda
+
+Mike Mays to Erin: Oveall timeline--how much hands on can we expect?
+
+- - -
+_2020-12-10 09:18 Configure mP 4.2 to use Shibboleth for SAML_
+ https://spaces.at.internet2.edu/display/MID/Shibboleth+demo
+
+- - -
+
+https://docs.evolveum.com/midpoint/studio/
+https://docs.google.com/document/d/1YldIXPkZLVkKpf_9xX1VqJMAUSBvSxeKZEx7FweTP-o/edit#heading=h.23shvvdgh9qg
+ <- wB documentation & testing +
+SEE wasabi.adoc for local install
+
+next] Use U Del plan as an initial test case for campus integration
+
+ export CSPHOSTNAME=localhost (xps, wasabi)
+
+https://github.internet2.edu/internet2/InCommonTAP-Examples
+
+- - -
+_2020-12-17 08:20:27 Prep for Workbench tutorials and how-tos_
+
+*Base URL*
+ https://localhost/ csp/wb
+
+*admin user: banderson pw*
+
+* midPoint
+* Grouper
+* COmanage
+
+*admin/54y6RxN7GfC7aes3*
+
+* WordPress
+
+*LDAP, SQL, AMQP visibility*
+
+* RabbitMQ: guest/pw
+* LDAP Admin: cn=admin,dc=internet2,dc=edu / pw
+* SQL Admin
+
+*Shibboleth*
+
+* Grouper SP status page
+* midPoint SP status page
+* COmanage SP status page
+
+* IdP status page
+* UI for IdP config
+
+.
+
+- - -
+
+Paul Caskey 08:35
+We don't yet have a mail relay
+
+Keith Hazelton 08:36
+ahh, my mistake, I saw BillK mention email and jumped to conclusions
+
+Paul Caskey 08:37
+We'll get there... :slightly_smiling_face:
+
+Keith Hazelton 08:38
+I want to write up some instructions on using midPoint Studio for remote access to the container
+
+Paul Caskey 08:39
+Good idea!!
+
+Keith Hazelton 08:39
+Ppl would have to install that locally, but it's pretty straighforward
+They can use the Community edition of IntelliJ
+
+Paul Caskey 08:40
+That's what I use and it's works great for MP.
+
+Keith Hazelton 08:41
+It's so cool, all this stuff, it's like having IAM in a glass box--you can see how everything works
+:gift:
+
+Paul Caskey 08:42
+Yes and you can be risky because if you screw it up, then we just :shotgun:
+
+Bill Kaufman:monkey: 08:43
+Q: if you :shotgun: are LDAP and mysql etc. preserved?
+
+Keith Hazelton 08:46
+This is something commercial products would have real trouble replicating
+there's no profit to be made
+
+Bill Kaufman:monkey: 08:48
+Are you getting support from MikeG @pcaskey?
+
+Paul Caskey 09:14
+@khazelton On a local install, yes, they are typically preserved because, by default, docker-compose down doesn't delete volumes and that's where data is preserved. On our AWS installs, typically we just kill the node and let AWS spin up a new node, which does wipe the data. But, it's not hard to ssh into the AWS host and do a docker-compose down, then git pull, then docker-compose up --build -d and freshen your instance without losing data.
+
+@wkaufman A little. Apparently there's not much Pac4J knowledge to be had there. IMHO, we should be running the shibb SP with the IdP UI. We didn't want a weird SP with midPoimt, not sure why we'd want it with the IdP UI...
+
+Bill Kaufman:monkey: 09:17
+Then we should update the requirements
+
+Paul Caskey 09:20
+I have 5 issues with the IdP UI:
+If I enable their additional MetadataProvider in the IdP's services.xml, then no other metadata is loaded.
+Can't upload metadata from a URL (in the workbench) due to the UI insisting on java-based cert trust
+Can't upload metadata from a file due to an error in the UI (reported to Mike G)
+Can't get the SAML integration to work
+We'll need to use the API to pre-load metadata into the UI for the workbench. Would be nice to have some doc on what the various API calls are...
+
+Bill Kaufman:monkey: 09:22
+Ok, I would like to share this directly with Mike, Jj, Charise and SteveE to get input and refactor what we need to in the Work Segment. There have been several hanging chads they have not addressed. @chubing do you have anything to add?
+:no:
+1
+
+
+Keith Hazelton 09:30
+@pcaskey The jump page has links for the SP status pages for Grouper and midPoint; Could there be one for the COmanage status page, too, or is that an odd duck?
+
+Paul Caskey 09:34
+Yes, I'll add that right now
+
+Keith Hazelton 09:41
+What do you think of moving the Shib info down to the bottom of the jump page; That way we'd lead off with the main components. Just a thought
+I'd like to try configuring an LDAP connector that exposes the COmanage guest OU as another SoR resource.
+Shouldn't be too painful.
+
+Paul Caskey 09:47
+I already have such a resource, just haven't uploaded it yet since the LDAP stuff isn't there yet
+
+Keith Hazelton 09:47
+At least for now, it would be one-way: Guest OU to midPoint
+I see a guest ou with one user in it
+
+Paul Caskey 09:48
+basically a copy of what we have in IAM/ICP
+It's a dummy user from LDIF. Still working on the provisioning, etc
+
+Keith Hazelton 09:48
+Far be it from me to take work away from you, @pcaskey
+:smiley:
+
+Paul Caskey 09:49
+LOL
+Happy to change jump page in any way... Can you propose a list of links (and categories) from top down?
+BTW, the COmanage SP's status pg -> jump pg is merged now (edited)
+:beer:
+
+Keith Hazelton 09:50
+Sure. Wondering what to do about un/pw exposure; Is the basic auth enough to make us feel safe? Include on the jump page or create a separate cheat sheet? (edited)
+
+Paul Caskey 09:51
+It's a fine question... :wink:
+
+Ethan Kromhout 09:51
+I'll want to add a link to the wp-admin page, assuming I ever get wordpress fully working behind the proxy.
+:heavy_check_mark:
+
+Paul Caskey 09:52
+and I guess we should also add a link to the WP Shibb SP's status pg like we did the others
+:heavy_check_mark:
+
+- - -
+
+*Jump page*
+
+Welcome to the InCommon TAP Workbench!
+
+This is your own personal instance of the InCommon Trusted Access Platform Workbench.
+
+For complete documentation, see this page.
+
+The system contains the following TAP components (click the links to access each component in its own tab):
+
+ Shibboleth IdP (4.0.1)
+ Shibboleth IdP UI (1.7.0)
+ Shibboleth SPs:
+ Grouper SP (3.1.0)
+ midPoint SP (3.1.0)
+ Grouper (2.5.37)
+ midPoint (4.2)
+ COmanage (3.3.1)
+
+The system also contains the following downstream/target applications:
+
+ WordPress
+
+In addition, the following applications are available:
+
+ Rabbit MQ
+ LDAP Admin
+ SQL Admin
+
+- - -
+_2020-11-21 14:19 open issues with InCommonTAP-Examples/Workbench (Integrated TAP Component Package} on wasabi)_
+
+export CSPHOSTNAME=wasabi
+
+Original version of ../Workbench/upload-import-sis-persons.sh had library.bash in midPoint_container directory and the hostname was hardcoded to 'localhost' in library.bash
+
+Corrected version with library.bash in current directory and sed-settable hostname:
+
+change "source ../../library.bash" to "source library.bash"
+
+
+```
+-rw-r--r-- 1 khazelton khazelton 23045 Nov 21 12:23 library.bash
+-rw-r--r-- 1 khazelton khazelton 22950 Nov 21 11:36 library.bash.orig
+-rw-r--r-- 1 khazelton khazelton 23045 Nov 21 12:31 library.bash.template
+
+../Workbench$ sed 's/__CSPHOSTNAME__/wasabi/g' library.bash.template > library.bash
+
+- - -
+
+cat upload-import-sis-persons.sh
+Shibboleth
+source library.bash
+midpoint-objects-manual/tasks/task-import-sis-persons.xml
+```
+
+./upload-import-sis-persons.sh fails with errors as it attempts to load each user
+
+```
+khazelton@wasabi:~/opt/InCommonTAP-Examples/Workbench$ ./upload-import-sis-persons.sh
+
+Uploading midpoint-objects-manual/tasks/task-import-sis-persons.xml (tasks, 22c2a3d0-0961-4255-9eec-c550a79aeaaa)
+<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
+<html><head>
+<title>405 Method Not Allowed</title>
+</head><body>
+<h1>Method Not Allowed</h1>
+<p>The requested method PUT is not allowed for the URL /midpoint/ws/rest/tasks/22c2a3d0-0961-4255-9eec-c550a79aeaaa.</p>
+</body>
+</html>
+```
+The upload file function being called; Note that I changed the curl command from 'localhost' to 'wasabi'
+```
+
+function upload_from_file () {
+ local FILENAME=$1
+ local OPTIONS_TO_ADD=$2
+ local REGEX="midpoint-objects.*/(.*)/(.*)"
+ if [[ $FILENAME =~ $REGEX ]]
+ then
+ TYPE="${BASH_REMATCH[1]}"
+ OID=`cat $FILENAME | sed -n 's:.*oid=\"\([A-Za-z0-9\-]*\)\".*:\1:p' | sed -n '1 p'`
+ echo "Uploading $FILENAME ($TYPE, $OID)"
+ curl -k --user administrator:5ecr3t -H "Content-Type: application/xml" -X PUT "https://wasabi:8443/midpoint/ws/rest/$TYPE/$OID?options=overwrite$OPTIONS_TO_ADD" --data-binary @$FILENAME
+ else
+ echo "Skipping $FILENAME"
+ fi
+}
+```
+But with 4.2 version straight from internet2 repo running on xps, that script runs successfully and imports 100 students as users
+
+- - -
+_2020-11-20 13:58 WB meeting: PaulC showing WB_
+
+```
+CSPHOSTNAME=abc.workbench.incommon.org
+
+https://abc.workbench.incommon.org <- tests can be run here until further notice
+
+ssh csprootuser@abc.workbench.incommon.org
+T3sting123!
+
+cat /etc/os-release
+
+NAME="Amazon Linux"
+VERSION="2"
+ID="amzn"
+ID_LIKE="centos rhel fedora"
+VERSION_ID="2"
+PRETTY_NAME="Amazon Linux 2"
+ANSI_COLOR="0;33"
+CPE_NAME="cpe:2.3:o:amazon:amazon_linux:2"
+HOME_URL="https://amazonlinux.com/"
+
+cat /csp-tap/InCommonTAP-Examples/README.md
+
+# InCommonTAP-Examples
+Contains example uses of the InCommon Trusted Access Platform components working together
+
+Below are the names/ports that the components in the demos will use. Not all demos use all components.
+
+## ITAP Training Environment Names/Ports ##
+
+**Web Proxy**
+* name:
+* port: 443
+
+**IdP**
+* name: idp.example.org
+* port: 13443
+
+**Grouper**
+* name: grouper.example.org
+* port: 8443
+
+**Grouper-WS**
+* name: grouper-ws.example.org
+* port: 9443
+
+**COmanage**
+* name: comanage.example.org
+* port: 12443
+
+**midPoint**
+* name: midpoint.example.org
+* port: 10443
+
+**Satosa**
+* name: proxy.example.org
+* port: 11443
+
+**LDAP**
+* name: ldap.example.org
+* port: 389, 636
+
+**DB**
+* name: db.example.org
+* port: 3306, 5432
+
+**Rabbit**
+* name: rabbit.example.org
+* port: 15672 (web), 5671, 5672
+
+**HRMS**
+* name: hr.example.org
+* port: 14443
+
+**SIS**
+* name: sis.example.org
+* port: 15443
+
+**Wordpress**
+* name: www<span></span>.example.org
+* port: 16443
+[csprootuser@ip-172-31-37-171 ~]$
+```
+
+Getting started with midPoint page on Spaces wiki as starting point for documentation
+
+- - -
+_2020-10-29 11:00 WB meeting_
+
+get mP 4.2 w native Shib into IncommonTAP-Examples CSPWB-27
+
+- - -
+_2020-10-23 17:25 mP 4.2 released_
+
+http://www.evolveum.com/downloads/midpoint/4.2/midpoint-4.2-dist.tar.gz
+- - -
+_2020-10-18 13:27 Success building and running grouper/demo with latest midPoint 4.2 snapshot_
+
+stop mariadb on Mac NbP
+```
+brew services stop mariadb
+Stopping `mariadb`... (might take a while)
+==> Successfully stopped `mariadb` (label: homebrew.mxcl.mariadb)
+```
+make sure demo/grouper ports are clear
+```
+lsof -nP -iTCP -sTCP:LISTEN
+COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
+mongod 1282 khazelton 9u IPv4 0xf4239cf2343db489 0t0 TCP 127.0.0.1:27017 (LISTEN)
+Loop 1296 khazelton 4u IPv4 0xf4239cf21f986f69 0t0 TCP 127.0.0.1:3641 (LISTEN)
+Loop 1296 khazelton 6u IPv6 0xf4239cf234903c99 0t0 TCP [::1]:3641 (LISTEN)
+BlueJeans 1305 khazelton 3u IPv4 0xf4239cf21f98b489 0t0 TCP 127.0.0.1:18171 (LISTEN)
+com.docke 1445 khazelton 13u IPv4 0xf4239cf2343d8d09 0t0 TCP 127.0.0.1:49272 (LISTEN)
+```
+wipe clean all Docker images, containers, and volumes
+```
+docker stop $(docker ps -a -q); docker rm $(docker ps -a -q); docker rmi $(docker images -q) --force; docker volume rm $(docker volume ls -q)
+```
+clone the latest I2/mP demo package, position copies
+```
+git clone https://github.internet2.edu/Docker/midPoint_container.git
+
+cp -rf midPoint_container midPoint_container-current
+cd midPoint_container-current
+```
+build the images
+```
+./build.sh
+```
+change to demo folder and bring up the containers
+```
+docker-compose up --build
+
+docker ps
+
+CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
+eb8f27710675 grouper_midpoint_server "/usr/local/bin/star…" 2 hours ago Up 31 minutes (healthy) 80/tcp, 0.0.0.0:8443->443/tcp grouper_midpoint_server_1
+911ee2e95760 grouper_grouper_daemon "/usr/local/bin/entr…" 2 hours ago Up 31 minutes (healthy) 80/tcp, 443/tcp grouper_grouper_daemon_1
+ae1c21eace64 grouper_grouper_ws "/usr/local/bin/entr…" 2 hours ago Up 31 minutes (healthy) 80/tcp, 0.0.0.0:9443->443/tcp grouper_grouper_ws_1
+7e886049a70a grouper_grouper_ui "/usr/local/bin/entr…" 2 hours ago Up 31 minutes (healthy) 80/tcp, 0.0.0.0:4443->443/tcp grouper_grouper_ui_1
+7e462d06c7cb grouper_idp "/usr/bin/startup.sh" 2 hours
\ No newline at end of file
From 9b8777c995aa9674742b93a16fc5bae44fa3114f Mon Sep 17 00:00:00 2001
From: Keith Hazelton <khazelton@gmail.com>
Date: Thu, 17 Aug 2023 23:08:23 -0500
Subject: [PATCH 073/126] Update test-data-howto.adoc
---
test-data-howto.adoc | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/test-data-howto.adoc b/test-data-howto.adoc
index b3bb038..5497f63 100644
--- a/test-data-howto.adoc
+++ b/test-data-howto.adoc
@@ -2,7 +2,8 @@
- - -
_2023-08-16 18:10:25 success importing a small sample of the csv SIS file_
-*- CSV connector How-to: Bring a new resource into a Worbench instance (example modified from The Book, Chapter 8, HR section) -*
+*- CSV connector How-to: Bring a new resource into a Worbench instance -*
+*- (example modified from The Book, Chapter 8, HR section) -*
- Start with the small csv resource definition from Chapter 8 of the Book
@@ -1702,4 +1703,4 @@ eb8f27710675 grouper_midpoint_server "/usr/local/bin/star…" 2 hours
911ee2e95760 grouper_grouper_daemon "/usr/local/bin/entr…" 2 hours ago Up 31 minutes (healthy) 80/tcp, 443/tcp grouper_grouper_daemon_1
ae1c21eace64 grouper_grouper_ws "/usr/local/bin/entr…" 2 hours ago Up 31 minutes (healthy) 80/tcp, 0.0.0.0:9443->443/tcp grouper_grouper_ws_1
7e886049a70a grouper_grouper_ui "/usr/local/bin/entr…" 2 hours ago Up 31 minutes (healthy) 80/tcp, 0.0.0.0:4443->443/tcp grouper_grouper_ui_1
-7e462d06c7cb grouper_idp "/usr/bin/startup.sh" 2 hours
\ No newline at end of file
+7e462d06c7cb grouper_idp "/usr/bin/startup.sh" 2 hours
From eda21902fce5bf786d2bebcf9b5706ef4659e0d7 Mon Sep 17 00:00:00 2001
From: Keith Hazelton <khazelton@gmail.com>
Date: Thu, 17 Aug 2023 23:08:45 -0500
Subject: [PATCH 074/126] Update test-data-howto.adoc
---
test-data-howto.adoc | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/test-data-howto.adoc b/test-data-howto.adoc
index 5497f63..327bb1e 100644
--- a/test-data-howto.adoc
+++ b/test-data-howto.adoc
@@ -2,7 +2,7 @@
- - -
_2023-08-16 18:10:25 success importing a small sample of the csv SIS file_
-*- CSV connector How-to: Bring a new resource into a Worbench instance -*
+*- CSV connector How-to: Bring a new resource into a Worbench instance -* +
*- (example modified from The Book, Chapter 8, HR section) -*
- Start with the small csv resource definition from Chapter 8 of the Book
From 18540ce33e59aeae33f7f606b1fa795576a64f03 Mon Sep 17 00:00:00 2001
From: Keith Hazelton <khazelton@gmail.com>
Date: Thu, 17 Aug 2023 23:11:37 -0500
Subject: [PATCH 075/126] Update test-data-howto.adoc
---
test-data-howto.adoc | 1 -
1 file changed, 1 deletion(-)
diff --git a/test-data-howto.adoc b/test-data-howto.adoc
index 327bb1e..627d9a2 100644
--- a/test-data-howto.adoc
+++ b/test-data-howto.adoc
@@ -18,7 +18,6 @@ _2023-08-16 18:10:25 success importing a small sample of the csv SIS file_
```
{Workbench Directory}/midpoint_server/container_files/mp-home/csv/hr.csv
```
-- Replace {Workbench Directory} in the template with the path of the Workbench folder
- Add the new .csv data file to the volume bind section of the midpoint_server segment of the docker-compose.yml file
From f50578868c9b9ca7e4573ec92ed0e07cb16b40b4 Mon Sep 17 00:00:00 2001
From: Keith Hazelton <khazelton@gmail.com>
Date: Thu, 17 Aug 2023 23:13:49 -0500
Subject: [PATCH 076/126] Update test-data-howto.adoc
---
test-data-howto.adoc | 3 +++
1 file changed, 3 insertions(+)
diff --git a/test-data-howto.adoc b/test-data-howto.adoc
index 627d9a2..fef7212 100644
--- a/test-data-howto.adoc
+++ b/test-data-howto.adoc
@@ -15,6 +15,9 @@ _2023-08-16 18:10:25 success importing a small sample of the csv SIS file_
```
- Place the new comma-delimited hr.csv file in the proper place on the Workbench host
+
+- Replace {Workbench Directory} with the actual path to your Workbench folder
+
```
{Workbench Directory}/midpoint_server/container_files/mp-home/csv/hr.csv
```
From 778d52efed6232fd44a496dc155b6d4f12bf0ccf Mon Sep 17 00:00:00 2001
From: Keith Hazelton <khazelton@gmail.com>
Date: Thu, 17 Aug 2023 23:14:35 -0500
Subject: [PATCH 077/126] Update test-data-howto.adoc
---
test-data-howto.adoc | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/test-data-howto.adoc b/test-data-howto.adoc
index fef7212..1d736dd 100644
--- a/test-data-howto.adoc
+++ b/test-data-howto.adoc
@@ -37,9 +37,10 @@ _2023-08-16 18:10:25 success importing a small sample of the csv SIS file_
...
```
+---
+
*- The following template from Chapter 8 of THAE BOOK can be used to create your own simple inbound csv resource definition -*
----
```
<?xml version="1.0" encoding="UTF-8"?>
<!-- https://docs.evolveum.com/book/practical-identity-management-with-midpoint.html#08-obhject-templates
From 2d4afeeacf05ed9630c09c2615a4e7c6bfea7f1f Mon Sep 17 00:00:00 2001
From: Keith Hazelton <khazelton@gmail.com>
Date: Thu, 17 Aug 2023 23:16:08 -0500
Subject: [PATCH 078/126] Update test-data-howto.adoc
---
test-data-howto.adoc | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/test-data-howto.adoc b/test-data-howto.adoc
index 1d736dd..5873836 100644
--- a/test-data-howto.adoc
+++ b/test-data-howto.adoc
@@ -39,7 +39,7 @@ _2023-08-16 18:10:25 success importing a small sample of the csv SIS file_
---
-*- The following template from Chapter 8 of THAE BOOK can be used to create your own simple inbound csv resource definition -*
+*- The following template from Ch. 8 of THE BOOK can be used to create your own simple inbound csv resource definition -*
```
<?xml version="1.0" encoding="UTF-8"?>
From 6e9a52b0d65ef7d5a93a6e346e3591ddf3469e0c Mon Sep 17 00:00:00 2001
From: Keith Hazelton <khazelton@gmail.com>
Date: Thu, 17 Aug 2023 23:19:10 -0500
Subject: [PATCH 079/126] Update test-data-howto.adoc
---
test-data-howto.adoc | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/test-data-howto.adoc b/test-data-howto.adoc
index 5873836..54f7fd9 100644
--- a/test-data-howto.adoc
+++ b/test-data-howto.adoc
@@ -199,6 +199,11 @@ _2023-08-16 18:10:25 success importing a small sample of the csv SIS file_
</expression>
</q:equal>
</correlation>
+```
+
+- The rest of the synchronization element follows
+
+```
<reaction>
<situation>linked</situation>
<synchronize>true</synchronize>
From 77ce8d03c140b8b6c13e0770bdf74dbd156c3ef9 Mon Sep 17 00:00:00 2001
From: Keith Hazelton <khazelton@gmail.com>
Date: Thu, 17 Aug 2023 23:22:57 -0500
Subject: [PATCH 080/126] Update test-data-howto.adoc
---
test-data-howto.adoc | 10 ++++++----
1 file changed, 6 insertions(+), 4 deletions(-)
diff --git a/test-data-howto.adoc b/test-data-howto.adoc
index 54f7fd9..2d2d1e3 100644
--- a/test-data-howto.adoc
+++ b/test-data-howto.adoc
@@ -254,7 +254,7 @@ ls -la
-rw-r--r-- 1 csprootuser csprootuser 8386727 Aug 5 22:54 source-sis.csv
```
-*- Wipe all existing Workbench images and files and rebuild from repo -*
+*- Wipe all existing Workbench images and files -*
```
docker stop $(docker ps -a -q); docker rm $(docker ps -a -q); docker rmi $(docker images -q) --force; docker volume rm $(docker volume ls -q)
@@ -264,15 +264,16 @@ Replace downloaded ../csv with saved version
Replace repo version of docker-compose.yml with saved version
-build and bring up the fresh Workbench
+*- Build and bring up the fresh Workbench -*
```
docker-compose up --build -d
```
-Create a new (midpoint) project in midPoint Studio and edit the default configuration to point to the new Workbench host
+- Create a new (midpoint) project in midPoint Studio and edit the default configuration to point to the new Workbench host
*- import source-sis-full.csv -*
+```
*Schema mapping and extension attributes*
CSV MIDPOINT USER
@@ -291,8 +292,9 @@ refid rid
59614 (closed) Last object processed: 641-64-5552 +
8/17/23, 3:22:57 PM - +
8/17/23, 5:05:57 PM (01:42:59.164)
+```
-Import task incorporates synchronization process
+- The import task incorporates the synchronization process
---
- - -
From a007bf01124467d809beb0e3692db1ef873d2e34 Mon Sep 17 00:00:00 2001
From: Keith Hazelton <khazelton@gmail.com>
Date: Thu, 17 Aug 2023 23:30:31 -0500
Subject: [PATCH 081/126] Add files via upload
---
test-data-howto1.adoc | 298 ++++++++++++++++++++++++++++++++++++++++++
1 file changed, 298 insertions(+)
create mode 100644 test-data-howto1.adoc
diff --git a/test-data-howto1.adoc b/test-data-howto1.adoc
new file mode 100644
index 0000000..6732942
--- /dev/null
+++ b/test-data-howto1.adoc
@@ -0,0 +1,298 @@
+=== test-data-how-to.adoc
+- - -
+_2023-08-16 18:10:25 success importing a small sample of the csv SIS file_
+
+*- CSV connector How-to: Bring a new resource into a Worbench instance -* +
+*- (example modified from The Book, Chapter 8, HR section) -*
+
+- Start with the small csv resource definition from Chapter 8 of the Book
+
+- hr.csv contents:
+```
+"empno","firstname","lastname"
+"001","Alice","Anderson"
+"002","Bob","Brown"
+```
+
+- Place the new comma-delimited hr.csv file in the proper place on the Workbench host
+
+- Replace {Workbench Directory} with the actual path to your Workbench folder
+
+```
+{Workbench Directory}/midpoint_server/container_files/mp-home/csv/hr.csv
+```
+
+- Add the new .csv data file to the volume bind section of the midpoint_server segment of the docker-compose.yml file
+
+```
+ ...
+ midpoint_server:
+ ...
+ volumes:
+ - midpoint_home:/opt/midpoint/var
+ ...
+ - type: bind
+ source: ./midpoint_server/container_files/mp-home/csv/hr.csv
+ target: /opt/midpoint/csv/hr.csv
+ ...
+```
+
+---
+
+*- The following template from Ch. 8 of THE BOOK can be used to create your own simple inbound csv resource definition -*
+
+```
+<?xml version="1.0" encoding="UTF-8"?>
+<!-- https://docs.evolveum.com/book/practical-identity-management-with-midpoint.html#08-obhject-templates
+ ~
+ ~ Copyright (c) 2010-2019 Evolveum
+ ~
+ ~ Licensed under the Apache License, Version 2.0 (the "License");
+ ~ you may not use this file except in compliance with the License.
+ ~ You may obtain a copy of the License at
+ ~
+ ~ http://www.apache.org/licenses/LICENSE-2.0
+ ~
+ ~ Unless required by applicable law or agreed to in writing, software
+ ~ distributed under the License is distributed on an "AS IS" BASIS,
+ ~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ ~ See the License for the specific language governing permissions and
+ ~ limitations under the License.
+ -->
+
+<resource oid="03c3ceea-78e2-11e6-954d-dfdfa9ace0cf"
+ xmlns="http://midpoint.evolveum.com/xml/ns/public/common/common-3"
+ xmlns:c="http://midpoint.evolveum.com/xml/ns/public/common/common-3"
+ xmlns:q="http://prism.evolveum.com/xml/ns/public/query-3"
+ xmlns:icfs="http://midpoint.evolveum.com/xml/ns/public/connector/icf-1/resource-schema-3"
+ xmlns:ri="http://midpoint.evolveum.com/xml/ns/public/resource/instance-3"
+ xmlns:ext="http://midpoint.evolveum.com/xml/ns/story/orgsync/ext"
+ xmlns:xsd="http://www.w3.org/2001/XMLSchema"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xmlns:icfc="http://midpoint.evolveum.com/xml/ns/public/connector/icf-1/connector-schema-3">
+
+ <name>HR System, Book ch 8</name>
+
+ <description>
+ HR resource using CSV connector. This is the HR feed (source) resource.
+ This is a sample used in the "Practical Identity Management with MidPoint"
+ book, chapter 8.
+ </description>
+
+ <connectorRef type="ConnectorType">
+ <filter>
+ <q:equal>
+ <q:path>c:connectorType</q:path>
+ <q:value>com.evolveum.polygon.connector.csv.CsvConnector</q:value>
+ </q:equal>
+ </filter>
+ </connectorRef>
+```
+* In the connectorConfiguration section
+** filepath should match the path defined in the docker-compose.yml for the target location of the bind element
+** {filename.csv} should be your .csv file name
+** uniqueAttribute should identify the field in the csv file that carries the unique identifier for each row
+
+```
+ <connectorConfiguration>
+ <!-- Configuration specific for the CSV connector -->
+ <icfc:configurationProperties
+ xmlns:icfccsvfile="http://midpoint.evolveum.com/xml/ns/public/connector/icf-1/bundle/com.evolveum.polygon.connector-csv/com.evolveum.polygon.connector.csv.CsvConnector">
+ <icfccsvfile:filePath>/opt/midpoint/csv/{filename.csv}</icfccsvfile:filePath>
+ <icfccsvfile:encoding>utf-8</icfccsvfile:encoding>
+ <icfccsvfile:fieldDelimiter>,</icfccsvfile:fieldDelimiter>
+ <icfccsvfile:multivalueDelimiter>;</icfccsvfile:multivalueDelimiter>
+ <icfccsvfile:uniqueAttribute>empno</icfccsvfile:uniqueAttribute>
+ </icfc:configurationProperties>
+ </connectorConfiguration>
+```
+- NOTE: The <schema> section that goes here will be added automatically
+ when the first connection to the resource takes place
+
+- The schema handling section should use the attribute names that match the "element" definitions in the auto-loaded schema section of the resource definition
+
+- Near the top of the schema handling section, the element for the unique attribute should look like this
+
+```
+ <schemaHandling>
+
+ <objectType>
+ <displayName>Default Account</displayName>
+ <default>true</default>
+ <objectClass>ri:AccountObjectClass</objectClass>
+ <attribute>
+ <ref>ri:empno</ref>
+ <displayName>Name (book hr empno)</displayName>
+ <limitations>
+ <minOccurs>0</minOccurs>
+ <access>
+ <read>true</read>
+ <add>true</add>
+ <modify>true</modify>
+ </access>
+ </limitations>
+ <inbound>
+ <target>
+ <path>$focus/employeeNumber</path>
+ </target>
+ </inbound>
+ </attribute>
+```
+- Now the rest of the attribute mappings
+
+```
+ <attribute>
+ <ref>ri:firstname</ref>
+ <displayName>First name</displayName>
+ <inbound>
+ <target>
+ <path>$focus/givenName</path>
+ </target>
+ </inbound>
+ </attribute>
+ <attribute>
+ <ref>ri:lastname</ref>
+ <displayName>Last name</displayName>
+ <inbound>
+ <target>
+ <path>$focus/familyName</path>
+ </target>
+ </inbound>
+ </attribute>
+ <activation>
+ <administrativeStatus>
+ <inbound/>
+ </administrativeStatus>
+ </activation>
+
+ <credentials>
+ <password>
+ <inbound>
+ <strength>weak</strength>
+ <expression>
+ <generate/>
+ </expression>
+ </inbound>
+ </password>
+ </credentials>
+ </objectType>
+
+ </schemaHandling>
+
+ <projection>
+ <assignmentPolicyEnforcement>none</assignmentPolicyEnforcement>
+ </projection>
+
+
+ <synchronization>
+ <objectSynchronization>
+ <enabled>true</enabled>
+```
+- The correlation element should look like this:
+
+```
+ <correlation>
+ <q:equal>
+ <q:path>employeeNumber</q:path>
+ <expression>
+ <path>$projection/attributes/empno</path>
+ </expression>
+ </q:equal>
+ </correlation>
+```
+
+- The rest of the synchronization element follows
+
+```
+ <reaction>
+ <situation>linked</situation>
+ <synchronize>true</synchronize>
+ </reaction>
+ <reaction>
+ <situation>deleted</situation>
+ <synchronize>true</synchronize>
+ <action>
+ <handlerUri>http://midpoint.evolveum.com/xml/ns/public/model/action-3#deleteFocus</handlerUri>
+ </action>
+ </reaction>
+ <reaction>
+ <situation>unlinked</situation>
+ <synchronize>true</synchronize>
+ <action>
+ <handlerUri>http://midpoint.evolveum.com/xml/ns/public/model/action-3#link</handlerUri>
+ </action>
+ </reaction>
+ <reaction>
+ <situation>unmatched</situation>
+ <synchronize>true</synchronize>
+ <action>
+ <handlerUri>http://midpoint.evolveum.com/xml/ns/public/model/action-3#addFocus</handlerUri>
+ </action>
+ </reaction>
+ </objectSynchronization>
+ </synchronization>
+</resource>
+```
+- - -
+_2023-08-17 08:44:37 Import 50,000 users from source-sis-full.csv_
+
+*- process for importing large csv files into midPoint -*
+
+Bringing in the full test SIS population (50k) to midPoint Workbench
+
+Save the edited docker-compose.yml with data file binds: +
+/csp-tap/InCommonTAP-Examples-0816/Workbench/docker-compose.yml
+
+Save the contents of the ../csv directory
+
+```
+$ pwd
+/csp-tap/InCommonTAP-Examples/Workbench/midpoint_server/container_files/mp-home/csv
+
+ls -la
+-rw-r--r-- 1 csprootuser csprootuser 6826528 Aug 5 22:54 source-hrms.csv
+-rw-r--r-- 1 csprootuser csprootuser 8386727 Aug 5 22:54 source-sis.csv
+```
+
+*- Wipe all existing Workbench images and files -*
+
+```
+docker stop $(docker ps -a -q); docker rm $(docker ps -a -q); docker rmi $(docker images -q) --force; docker volume rm $(docker volume ls -q)
+```
+
+Replace downloaded ../csv with saved version
+
+Replace repo version of docker-compose.yml with saved version
+
+*- Build and bring up the fresh Workbench -*
+```
+docker-compose up --build -d
+```
+
+- Create a new (midpoint) project in midPoint Studio and edit the default configuration to point to the new Workbench host
+
+*- import source-sis-full.csv -*
+
+```
+*Schema mapping and extension attributes*
+
+CSV MIDPOINT USER
+___ _____________
+sorid org
+given givenName
+surname familyName
+email emailAddress
+ph telephoneNumber
+cntry-code cntryCode
+unid uid
+occup title
+dept orgUnit
+refid rid
+
+59614 (closed) Last object processed: 641-64-5552 +
+8/17/23, 3:22:57 PM - +
+8/17/23, 5:05:57 PM (01:42:59.164)
+```
+
+- The import task incorporates the synchronization process
+---
\ No newline at end of file
From ae9183d639fdb529abcd9a75a8e7bbebc23adce5 Mon Sep 17 00:00:00 2001
From: Keith Hazelton <khazelton@gmail.com>
Date: Fri, 18 Aug 2023 07:49:41 -0500
Subject: [PATCH 082/126] Delete test-data-howto.adoc
---
test-data-howto.adoc | 1716 ------------------------------------------
1 file changed, 1716 deletions(-)
delete mode 100644 test-data-howto.adoc
diff --git a/test-data-howto.adoc b/test-data-howto.adoc
deleted file mode 100644
index 2d2d1e3..0000000
--- a/test-data-howto.adoc
+++ /dev/null
@@ -1,1716 +0,0 @@
-=== test-data-how-to.adoc
-- - -
-_2023-08-16 18:10:25 success importing a small sample of the csv SIS file_
-
-*- CSV connector How-to: Bring a new resource into a Worbench instance -* +
-*- (example modified from The Book, Chapter 8, HR section) -*
-
-- Start with the small csv resource definition from Chapter 8 of the Book
-
-- hr.csv contents:
-```
-"empno","firstname","lastname"
-"001","Alice","Anderson"
-"002","Bob","Brown"
-```
-
-- Place the new comma-delimited hr.csv file in the proper place on the Workbench host
-
-- Replace {Workbench Directory} with the actual path to your Workbench folder
-
-```
-{Workbench Directory}/midpoint_server/container_files/mp-home/csv/hr.csv
-```
-
-- Add the new .csv data file to the volume bind section of the midpoint_server segment of the docker-compose.yml file
-
-```
- ...
- midpoint_server:
- ...
- volumes:
- - midpoint_home:/opt/midpoint/var
- ...
- - type: bind
- source: ./midpoint_server/container_files/mp-home/csv/hr.csv
- target: /opt/midpoint/csv/hr.csv
- ...
-```
-
----
-
-*- The following template from Ch. 8 of THE BOOK can be used to create your own simple inbound csv resource definition -*
-
-```
-<?xml version="1.0" encoding="UTF-8"?>
-<!-- https://docs.evolveum.com/book/practical-identity-management-with-midpoint.html#08-obhject-templates
- ~
- ~ Copyright (c) 2010-2019 Evolveum
- ~
- ~ Licensed under the Apache License, Version 2.0 (the "License");
- ~ you may not use this file except in compliance with the License.
- ~ You may obtain a copy of the License at
- ~
- ~ http://www.apache.org/licenses/LICENSE-2.0
- ~
- ~ Unless required by applicable law or agreed to in writing, software
- ~ distributed under the License is distributed on an "AS IS" BASIS,
- ~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- ~ See the License for the specific language governing permissions and
- ~ limitations under the License.
- -->
-
-<resource oid="03c3ceea-78e2-11e6-954d-dfdfa9ace0cf"
- xmlns="http://midpoint.evolveum.com/xml/ns/public/common/common-3"
- xmlns:c="http://midpoint.evolveum.com/xml/ns/public/common/common-3"
- xmlns:q="http://prism.evolveum.com/xml/ns/public/query-3"
- xmlns:icfs="http://midpoint.evolveum.com/xml/ns/public/connector/icf-1/resource-schema-3"
- xmlns:ri="http://midpoint.evolveum.com/xml/ns/public/resource/instance-3"
- xmlns:ext="http://midpoint.evolveum.com/xml/ns/story/orgsync/ext"
- xmlns:xsd="http://www.w3.org/2001/XMLSchema"
- xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
- xmlns:icfc="http://midpoint.evolveum.com/xml/ns/public/connector/icf-1/connector-schema-3">
-
- <name>HR System, Book ch 8</name>
-
- <description>
- HR resource using CSV connector. This is the HR feed (source) resource.
- This is a sample used in the "Practical Identity Management with MidPoint"
- book, chapter 8.
- </description>
-
- <connectorRef type="ConnectorType">
- <filter>
- <q:equal>
- <q:path>c:connectorType</q:path>
- <q:value>com.evolveum.polygon.connector.csv.CsvConnector</q:value>
- </q:equal>
- </filter>
- </connectorRef>
-```
-* In the connectorConfiguration section
-** filepath should match the path defined in the docker-compose.yml for the target location of the bind element
-** {filename.csv} should be your .csv file name
-** uniqueAttribute should identify the field in the csv file that carries the unique identifier for each row
-
-```
- <connectorConfiguration>
- <!-- Configuration specific for the CSV connector -->
- <icfc:configurationProperties
- xmlns:icfccsvfile="http://midpoint.evolveum.com/xml/ns/public/connector/icf-1/bundle/com.evolveum.polygon.connector-csv/com.evolveum.polygon.connector.csv.CsvConnector">
- <icfccsvfile:filePath>/opt/midpoint/csv/{filename.csv}</icfccsvfile:filePath>
- <icfccsvfile:encoding>utf-8</icfccsvfile:encoding>
- <icfccsvfile:fieldDelimiter>,</icfccsvfile:fieldDelimiter>
- <icfccsvfile:multivalueDelimiter>;</icfccsvfile:multivalueDelimiter>
- <icfccsvfile:uniqueAttribute>empno</icfccsvfile:uniqueAttribute>
- </icfc:configurationProperties>
- </connectorConfiguration>
-```
-- NOTE: The <schema> section that goes here will be added automatically
- when the first connection to the resource takes place
-
-- The schema handling section should use the attribute names that match the "element" definitions in the auto-loaded schema section of the resource definition
-
-- Near the top of the schema handling section, the element for the unique attribute should look like this
-
-```
- <schemaHandling>
-
- <objectType>
- <displayName>Default Account</displayName>
- <default>true</default>
- <objectClass>ri:AccountObjectClass</objectClass>
- <attribute>
- <ref>ri:empno</ref>
- <displayName>Name (book hr empno)</displayName>
- <limitations>
- <minOccurs>0</minOccurs>
- <access>
- <read>true</read>
- <add>true</add>
- <modify>true</modify>
- </access>
- </limitations>
- <inbound>
- <target>
- <path>$focus/employeeNumber</path>
- </target>
- </inbound>
- </attribute>
-```
-- Now the rest of the attribute mappings
-
-```
- <attribute>
- <ref>ri:firstname</ref>
- <displayName>First name</displayName>
- <inbound>
- <target>
- <path>$focus/givenName</path>
- </target>
- </inbound>
- </attribute>
- <attribute>
- <ref>ri:lastname</ref>
- <displayName>Last name</displayName>
- <inbound>
- <target>
- <path>$focus/familyName</path>
- </target>
- </inbound>
- </attribute>
- <activation>
- <administrativeStatus>
- <inbound/>
- </administrativeStatus>
- </activation>
-
- <credentials>
- <password>
- <inbound>
- <strength>weak</strength>
- <expression>
- <generate/>
- </expression>
- </inbound>
- </password>
- </credentials>
- </objectType>
-
- </schemaHandling>
-
- <projection>
- <assignmentPolicyEnforcement>none</assignmentPolicyEnforcement>
- </projection>
-
-
- <synchronization>
- <objectSynchronization>
- <enabled>true</enabled>
-```
-- The correlation element should look like this:
-
-```
- <correlation>
- <q:equal>
- <q:path>employeeNumber</q:path>
- <expression>
- <path>$projection/attributes/empno</path>
- </expression>
- </q:equal>
- </correlation>
-```
-
-- The rest of the synchronization element follows
-
-```
- <reaction>
- <situation>linked</situation>
- <synchronize>true</synchronize>
- </reaction>
- <reaction>
- <situation>deleted</situation>
- <synchronize>true</synchronize>
- <action>
- <handlerUri>http://midpoint.evolveum.com/xml/ns/public/model/action-3#deleteFocus</handlerUri>
- </action>
- </reaction>
- <reaction>
- <situation>unlinked</situation>
- <synchronize>true</synchronize>
- <action>
- <handlerUri>http://midpoint.evolveum.com/xml/ns/public/model/action-3#link</handlerUri>
- </action>
- </reaction>
- <reaction>
- <situation>unmatched</situation>
- <synchronize>true</synchronize>
- <action>
- <handlerUri>http://midpoint.evolveum.com/xml/ns/public/model/action-3#addFocus</handlerUri>
- </action>
- </reaction>
- </objectSynchronization>
- </synchronization>
-</resource>
-```
-- - -
-_2023-08-17 08:44:37 Import 50,000 users from source-sis-full.csv_
-
-*- process for importing large csv files into midPoint -*
-
-Bringing in the full test SIS population (50k) to midPoint Workbench
-
-Save the edited docker-compose.yml with data file binds: +
-/csp-tap/InCommonTAP-Examples-0816/Workbench/docker-compose.yml
-
-Save the contents of the ../csv directory
-
-```
-$ pwd
-/csp-tap/InCommonTAP-Examples/Workbench/midpoint_server/container_files/mp-home/csv
-
-ls -la
--rw-r--r-- 1 csprootuser csprootuser 6826528 Aug 5 22:54 source-hrms.csv
--rw-r--r-- 1 csprootuser csprootuser 8386727 Aug 5 22:54 source-sis.csv
-```
-
-*- Wipe all existing Workbench images and files -*
-
-```
-docker stop $(docker ps -a -q); docker rm $(docker ps -a -q); docker rmi $(docker images -q) --force; docker volume rm $(docker volume ls -q)
-```
-
-Replace downloaded ../csv with saved version
-
-Replace repo version of docker-compose.yml with saved version
-
-*- Build and bring up the fresh Workbench -*
-```
-docker-compose up --build -d
-```
-
-- Create a new (midpoint) project in midPoint Studio and edit the default configuration to point to the new Workbench host
-
-*- import source-sis-full.csv -*
-
-```
-*Schema mapping and extension attributes*
-
-CSV MIDPOINT USER
-___ _____________
-sorid org
-given givenName
-surname familyName
-email emailAddress
-ph telephoneNumber
-cntry-code cntryCode
-unid uid
-occup title
-dept orgUnit
-refid rid
-
-59614 (closed) Last object processed: 641-64-5552 +
-8/17/23, 3:22:57 PM - +
-8/17/23, 5:05:57 PM (01:42:59.164)
-```
-
-- The import task incorporates the synchronization process
----
-
-- - -
-_2023-08-13 17:39:41 getting schema handling and synchronnization_
-
-With resource def containing only connector configuration, Schema and Capabilies are filled in when midpoint studio is used to upload and test the resourcecore of attribute schema after upload:
-
-core of resulting attribute schema pattern:
-
-```
- <xsd:appinfo>
- <a:displayName>email</a:displayName>
- <a:displayOrder>190</a:displayOrder>
- <ra:nativeAttributeName>email</ra:nativeAttributeName>
- <ra:frameworkAttributeName>email</ra:frameworkAttributeName>
- </xsd:appinfo>
-'''
-
-only the unique identifier has a frameworkattributename, __NAME__, that differs from the nativeAttributeName
-
-```
- <xsd:appinfo>
- <a:displayName>uid</a:displayName>
- <a:displayOrder>100</a:displayOrder>
- <ra:nativeAttributeName>uid</ra:nativeAttributeName>
- <ra:frameworkAttributeName>__NAME__</ra:frameworkAttributeName>
- </xsd:appinfo>
-```
-
-Give all users the ldap-basic role which will provision all users into LDAP
-
-Have Grouper treat LDAP as its subject source and create HRMS and SIS Grouper groups with loader jobs
-
-- - -
-_2023-08-09 14:12:00 Start w new workbench: mP 4.7.1 and Grouper 4.5.2_
-
-csv files already in ~/
-
-cd /csp-tap; git clone https://github.internet2.edu/internet2/InCommonTAP-Examples.git
-
-*- access in browser and in midPoint Studio -*
-
-- large N csv files copied into proper location: mp-home/csv Double check match of csv resource config and location of actual csv files in the container
-
-- - -
-_2023-08-06 08:50:19 complete large n resource definitions_
-
-==== model on the original small hr csv resource in the Workbench
-
-
-mPUsr
-org,
-givenName,
-familyName,
-emailAddress,
-telephoneNumber,
-cntryCode,
-uid,
-title,
-orgUnit,
-rid
-
-https://docs.evolveum.com/midpoint/reference/schema/custom-schema-extension/[] +
-
-- - -
-_2023-08-05 11:26:42 complete import of large csv hrms and sis files into mP and provision to LDAP_
-
-*- host -*
-
-```
-[csprootuser@ip-172-31-62-244 container_files]$ pwd
-/csp-tap/InCommonTAP-Examples/Workbench/midpoint_server/container_files
-
-[csprootuser@ip-172-31-62-244 container_files]$ ls -la mp-home/csv
-total 0
-drwxrwxr-x 2 csprootuser csprootuser 6 Aug 5 21:45 .
-drwxrwxr-x 8 csprootuser csprootuser 244 Aug 5 21:45 ..
-
-*- move host csv files into placce -*
-
-```
-[csprootuser@ip-172-31-62-244 container_files]$ pwd
-/csp-tap/InCommonTAP-Examples/Workbench/midpoint_server/container_files/mp-home/csv
-
-ls -la
--rw-r--r-- 1 csprootuser csprootuser 6826528 Aug 5 22:54 source-hrms.csv
--rw-r--r-- 1 csprootuser csprootuser 8386727 Aug 5 22:54 source-sis.csv
-```
-
-
-```
-
-*- container -*
-
-```
-root@77cd6546e2bd midpoint]# ls -la /opt/midpoint/var
-total 36
-drwxr-xr-x 14 root root 4096 Aug 5 20:56 .
-drwxr-xr-x 1 root root 17 Jul 26 20:14 ..
--rw-rw-r-- 1 root root 2571 Aug 5 20:24 config.xml
--rw-r----- 1 root root 2746 Aug 5 20:56 cs-portal.csv
-drwxr-x--- 2 root root 6 Aug 5 20:29 export
--rw-r----- 1 root root 1461 Aug 5 20:56 faculty-portal.csv
-drwxrwxr-x 2 root root 245 Aug 5 20:28 icf-connectors
-```
-
-*- create ../var/csv to hold the test hrms and sis files -*
-
-*- correct the volume section of the midpoint configuration host docker-compose.yml -*
-
-```
-
-$ ls -la ~/csp-tap/InCommonTAP-Examples/Workbench
-
--rw-r--r-- 1 csprootuser csprootuser 6826528 Aug 3 22:51 source-hrms.csv
--rw-r--r-- 1 csprootuser csprootuser 8386727 Aug 3 22:26 source-sis.csv
-
- - type: bind
- source: ./midpoint_server/container_files/mp-home/csv/source-hrms.csv
- target: /opt/midpoint/var/csv/source-hrms.csv
- - type: bind
- source: ./midpoint_server/container_files/mp-home/csv/source-sis.csv
- target: /opt/midpoint/var/csv/source-sis.csv
-
-```
-
-*- move host csv files into placce -*
-
-```
-[csprootuser@ip-172-31-62-244 container_files]$ pwd
-/csp-tap/InCommonTAP-Examples/Workbench/midpoint_server/container_files/mp-home/csv
-
-ls -la
--rw-r--r-- 1 csprootuser csprootuser 6826528 Aug 5 22:54 source-hrms.csv
--rw-r--r-- 1 csprootuser csprootuser 8386727 Aug 5 22:54 source-sis.csv
-```
-
-- - -
-_2023-08-02 09:55:55 midPoint tree in Workbench_
-
-```
-├── midpoint_server
-
- ├── container_files
-
- ├── csv
- ├── source-hr.csv
- ├── source-hrms.csv
- └── source-sis.csv
-
- ├── httpd
- ├── 00-shib.conf
- ├── host-cert.pem
- ├── host-key.pem
- ├── midpoint-shib.conf
- └── vhosts.conf
- ├── mp-home
- <-<-<-<-<-<-<-<-<-<-<
- ├── mp-home
-
- ├── config.xml
- ├── cs-portal.csv
- ├── faculty-portal.csv
- ├── faculty-portal.csv
- ├── faculty-portal.csv
- ├── icf-connectors
- ├── connector-grouper-1.0-SNAPSHOT.jar
- ├── connector-rest-wordpress-.23-SNAPSHOT.jar
- ├── connector-sympa-1.0.2-connector.jar
- └── net.tirasa.connid.bundles.db.scriptedsql-2.2.6-SNAPSHOT.jar
-
- └──lib
- ├── mariadb-java-client-3.0.6.jar
- └── mysql-connector-java-8.0.30.jar
-
- ├── mailing-lists.csv
-
- ├── post-initial-objects
- ├── archetypes
- ├── bulkActions
- ├── functionLibraries
- ├── objectTemplates
- ├── ordering.txt
- ├── orgs
- ├── resources
- ├── roles
- ├── securityPolicy
- ├── systemConfigurations
- ├── tasks
- ├── users
- └── valuePolicies
-
- ├── res
- └── sis-persons
-
- ├── schema
- └── internet2.xsd
- ├── source-external.csv
- └── staff-portal.csv
-
-->->->->->->->->->->->->->->
-
- ├── shibboleth
-
- ├── attribute-map.xml
- ├── idp-metadata.xml
- ├── shibboleth2.xml
- ├── shibd.logger
- ├── sp-encrypt-cert.pem
- ├── sp-encrypt-key.pem
- ├── sp-signing-cert.pem
- └── sp-signing-key.pem
-
- └── system
- └── setservername.sh
-
- └── Dockerfile
-```
-
-- - -
-_2023-02-19 12:25:54 set up linode for Workbench on Ubuntu 22.04_
-
-*- add user kh, create group wheel add kh to wheel and sudo -*
-
-*- install Java (17) -*
-
-*- install docker and docker-compose -*
-
-*- add user kh, mkdir ~/home/kh, mkdir opt, cd opt -*
-
-*- git clone https://github.internet2.edu/internet2/InCommonTAP-Examples/tree/main/Workbench -*
-
-*- cd ~/opt/InCommonTAP-Examples, docker-compose up -d --build -*
-
-- - -
-_2023-05-25 17:13:53 test csv resource with mP 4.7 on xps_
-
-cat /csp-tap/InCommonTAP-Examples/Workbench/midpoint_server/container_files/mp-home/source-external.csv
-
-uid,firstname,lastname,department,mail,validFrom,validTo
-E300001,John,Smith,External,xjsmith@example.com,1/1/2018,12/31/9999
-E300002,Alice,Anderson,External,xaanderson@example.com,3/15/2016,12/31/9999
-E300003,Ellen,Johnson,External,xejohnson@example.com,10/1/2019,12/31/2019
-E300004,Ron,Vasquez,External,xrvasquez@example.com,1/1/2019,10/31/2019
-
-/opt/midpoint/csv/source-external.csv <- path in csv connector config
-
-/Workbench/midpoint_server/container_files/csv/source-hr.csv
-
-- - -
-_2023-02-19 10:01:52 https://techviewleo.com/enable-epel-remi-repos-rocky-linux/_
-
-- - -
-_2023-02-17 20:45:20 install workbench on aktis.org_
-
-```
-https://geekscircuit.com/install-docker-docker-compose-on-rocky-linux/
-
-cd ~/opt
-git clone https://github.internet2.edu/internet2/InCommonTAP-Examples.git
-cd InCommonTAP-Examples/Workbench
-```
-
-- - -
-_2023-02-15 15:49:03 make comanage_data guest db accessible from workbench_
-
-vim ../Workbench/docker-compose.yml
-
-- - -
-_2023-02-15 15:29:48 work w PaulC provided khazelton.workbench.incommon.org_
-
-ssh khazelton@khazelton.workbench.incommon.org +
-csprootuser T3s...3!
-
-inc workbench directory structure
-
-```
-pwd
-cd /csp-tap/InCommonTAP-Examples/Workbench
-
-ls -la
-total 104
-drwxr-xr-x 25 csprootuser root 4096 Feb 9 02:18 .
-drwxr-xr-x 9 csprootuser root 129 Feb 8 18:51 ..
--rw-r--r-- 1 csprootuser root 663 Feb 8 18:51 add-ref-groups.gsh
--rwxr-xr-x 1 csprootuser root 95 Feb 8 18:51 add-ref-groups.sh
--rwxr-xr-x 1 csprootuser root 323 Feb 8 18:51 after-installation.sh
-drwxr-xr-x 2 csprootuser root 22 Feb 8 18:51 cloudformation
-drwxr-xr-x 3 csprootuser root 47 Feb 8 18:51 comanage
-drwxr-xr-x 3 csprootuser root 47 Feb 8 18:51 comanage_cron
-drwxr-xr-x 3 csprootuser root 47 Feb 8 18:51 comanage_data
-drwxr-xr-x 3 csprootuser root 47 Feb 8 18:51 comanage_midpoint_data
-drwxr-xr-x 6 csprootuser root 70 Feb 8 18:51 configs-and-secrets
--rw-r--r-- 1 csprootuser root 2025 Feb 8 18:51 create-ref-loaders.gsh
--rwxr-xr-x 1 csprootuser root 100 Feb 8 18:51 create-ref-loaders.sh
-drwxr-xr-x 3 csprootuser root 47 Feb 8 18:51 directory
--rw-r--r-- 1 csprootuser root 18646 Feb 8 18:51 docker-compose.yml
--rw-r--r-- 1 csprootuser root 57 Feb 8 18:51 .env
--rwxr-xr-x 1 csprootuser root 92 Feb 8 18:51 get-import-sis-persons-status.sh
-drwxr-xr-x 2 csprootuser root 24 Feb 8 18:51 grouper_daemon
-drwxr-xr-x 3 csprootuser root 47 Feb 8 18:51 grouper_data
-drwxr-xr-x 3 csprootuser root 47 Feb 8 18:51 grouper_ui
-drwxr-xr-x 3 csprootuser root 47 Feb 8 18:51 grouper_ws
-drwxr-xr-x 4 csprootuser root 69 Feb 8 18:51 idp
-drwxr-xr-x 3 csprootuser root 47 Feb 8 18:51 idp_ui
-drwxr-xr-x 3 csprootuser root 47 Feb 8 18:51 idp_ui_api
-drwxr-xr-x 3 csprootuser root 19 Feb 8 18:51 midpoint-objects-manual
-drwxr-xr-x 3 csprootuser root 47 Feb 8 18:51 midpoint_server
-drwxr-xr-x 3 csprootuser root 47 Feb 8 18:51 mq
--rwxr-xr-x 1 csprootuser root 61 Feb 8 18:51 purge-queue.sh
--rw-r--r-- 1 csprootuser root 843 Feb 8 18:51 README.md
--rwxr-xr-x 1 csprootuser root 161 Feb 8 18:51 recompute.sh
-drwxr-xr-x 2 csprootuser root 211 Feb 8 19:09 scripts
--rwxr-xr-x 1 csprootuser root 49 Feb 8 18:51 show-queue-size.sh
-drwxr-xr-x 3 csprootuser root 47 Feb 8 18:51 sources
--rwxr-xr-x 1 csprootuser root 932 Feb 8 18:51 ssh-tunnel-redir-fix.sh
--rwxr-xr-x 1 csprootuser root 414 Feb 8 18:51 test-resources.sh
-drwxr-xr-x 3 csprootuser root 40 Feb 8 18:51 tests
--rw-r--r-- 1 csprootuser root 437 Feb 8 18:51 update-bgasper-in-grouper.gsh
--rwxr-xr-x 1 csprootuser root 107 Feb 8 18:51 update-bgasper-in-grouper.sh
--rwxr-xr-x 1 csprootuser root 117 Feb 8 18:51 upload-async-update-task.sh
--rwxr-xr-x 1 csprootuser root 115 Feb 8 18:51 upload-import-sis-persons.sh
--rwxr-xr-x 1 csprootuser root 618 Feb 8 18:51 upload-objects.sh
--rwxr-xr-x 1 csprootuser root 116 Feb 8 18:51 upload-recompute-users.sh
--rwxr-xr-x 1 csprootuser root 126 Feb 8 18:51 upload-reconcile-grouper-groups.sh
-drwxr-xr-x 3 csprootuser root 47 Feb 8 18:51 webproxy
-drwxr-xr-x 2 csprootuser root 24 Feb 8 18:51 wordpress_data
-drwxr-xr-x 4 csprootuser root 69 Feb 8 18:51 wordpress_server
-
-- - -
-_2023-02-08 19:03:12 bring up cloned workbench from khazelton.workbench.incommon.org on wasabi_
-
-csprootuser T3s...3!
-
-inc workbench directory structure
-
-```
-pwd
-/csp-tap/InCommonTAP-Examples/Workbench
-
-[csprootuser@ip-172-31-34-254 Workbench]$ ls -la /
-total 16
-dr-xr-xr-x 20 root root 300 Feb 8 18:51 .
-dr-xr-xr-x 20 root root 300 Feb 8 18:51 ..
--rw-r--r-- 1 root root 0 Feb 8 18:47 .autorelabel
-lrwxrwxrwx 1 root root 7 Sep 21 2020 bin -> usr/bin
-dr-xr-xr-x 4 root root 4096 Feb 8 18:49 boot
-drwxr-xr-x 3 csprootuser root 34 Feb 8 18:52 csp-tap
-drwxr-xr-x 14 root root 2860 Feb 8 18:47 dev
-drwxr-xr-x 3 root root 17 Feb 8 18:49 dl.fedoraproject.org
-drwxr-xr-x 87 root root 8192 Feb 8 18:51 etc
-drwxr-xr-x 4 root root 41 Feb 8 18:48 home
-lrwxrwxrwx 1 root root 7 Sep 21 2020 lib -> usr/lib
-lrwxrwxrwx 1 root root 9 Sep 21 2020 lib64 -> usr/lib64
-drwxr-xr-x 2 root root 6 Sep 21 2020 local
-drwxr-xr-x 2 root root 6 Apr 9 2019 media
-drwxr-xr-x 2 root root 6 Apr 9 2019 mnt
-drwxr-xr-x 5 root root 45 Feb 8 18:51 opt
-dr-xr-xr-x 534 root root 0 Feb 8 18:47 proc
-dr-xr-x--- 4 root root 117 Feb 8 18:51 root
-drwxr-xr-x 33 root root 1140 Feb 9 00:11 run
-lrwxrwxrwx 1 root root 8 Sep 21 2020 sbin -> usr/sbin
-drwxr-xr-x 2 root root 6 Apr 9 2019 srv
-dr-xr-xr-x 13 root root 0 Feb 9 00:03 sys
-drwxrwxrwt 8 root root 212 Feb 9 01:06 tmp
-drwxr-xr-x 13 root root 155 Sep 21 2020 usr
-drwxr-xr-x 20 root root 280 Feb 8 18:50 var
-
-cd /csp-tap/InCommonTAP-Examples/Workbench
-
-csprootuser@ip-172-31-34-254 Workbench]$ ls -la
-
-total 104
-drwxr-xr-x 25 csprootuser root 4096 Feb 9 00:46 .
-drwxr-xr-x 9 csprootuser root 129 Feb 8 18:51 ..
--rw-r--r-- 1 csprootuser root 663 Feb 8 18:51 add-ref-groups.gsh
--rwxr-xr-x 1 csprootuser root 95 Feb 8 18:51 add-ref-groups.sh
--rwxr-xr-x 1 csprootuser root 323 Feb 8 18:51 after-installation.sh
-drwxr-xr-x 2 csprootuser root 22 Feb 8 18:51 cloudformation
-drwxr-xr-x 3 csprootuser root 47 Feb 8 18:51 comanage
-drwxr-xr-x 3 csprootuser root 47 Feb 8 18:51 comanage_cron
-drwxr-xr-x 3 csprootuser root 47 Feb 8 18:51 comanage_data
-drwxr-xr-x 3 csprootuser root 47 Feb 8 18:51 comanage_midpoint_data
-drwxr-xr-x 6 csprootuser root 70 Feb 8 18:51 configs-and-secrets
--rw-r--r-- 1 csprootuser root 2025 Feb 8 18:51 create-ref-loaders.gsh
--rwxr-xr-x 1 csprootuser root 100 Feb 8 18:51 create-ref-loaders.sh
-drwxr-xr-x 3 csprootuser root 47 Feb 8 18:51 directory
--rw-r--r-- 1 csprootuser root 18646 Feb 8 18:51 docker-compose.yml
--rw-r--r-- 1 csprootuser root 57 Feb 8 18:51 .env
--rwxr-xr-x 1 csprootuser root 92 Feb 8 18:51 get-import-sis-persons-status.sh
-drwxr-xr-x 2 csprootuser root 24 Feb 8 18:51 grouper_daemon
-drwxr-xr-x 3 csprootuser root 47 Feb 8 18:51 grouper_data
-drwxr-xr-x 3 csprootuser root 47 Feb 8 18:51 grouper_ui
-drwxr-xr-x 3 csprootuser root 47 Feb 8 18:51 grouper_ws
-drwxr-xr-x 4 csprootuser root 69 Feb 8 18:51 idp
-drwxr-xr-x 3 csprootuser root 47 Feb 8 18:51 idp_ui
-drwxr-xr-x 3 csprootuser root 47 Feb 8 18:51 idp_ui_api
-drwxr-xr-x 3 csprootuser root 19 Feb 8 18:51 midpoint-objects-manual
-drwxr-xr-x 3 csprootuser root 47 Feb 8 18:51 midpoint_server
-drwxr-xr-x 3 csprootuser root 47 Feb 8 18:51 mq
--rwxr-xr-x 1 csprootuser root 61 Feb 8 18:51 purge-queue.sh
--rw-r--r-- 1 csprootuser root 843 Feb 8 18:51 README.md
--rwxr-xr-x 1 csprootuser root 161 Feb 8 18:51 recompute.sh
-drwxr-xr-x 2 csprootuser root 211 Feb 8 19:09 scripts
--rwxr-xr-x 1 csprootuser root 49 Feb 8 18:51 show-queue-size.sh
-drwxr-xr-x 3 csprootuser root 47 Feb 8 18:51 sources
--rwxr-xr-x 1 csprootuser root 932 Feb 8 18:51 ssh-tunnel-redir-fix.sh
--rwxr-xr-x 1 csprootuser root 414 Feb 8 18:51 test-resources.sh
-drwxr-xr-x 3 csprootuser root 40 Feb 8 18:51 tests
--rw-r--r-- 1 csprootuser root 437 Feb 8 18:51 update-bgasper-in-grouper.gsh
--rwxr-xr-x 1 csprootuser root 107 Feb 8 18:51 update-bgasper-in-grouper.sh
--rwxr-xr-x 1 csprootuser root 117 Feb 8 18:51 upload-async-update-task.sh
--rwxr-xr-x 1 csprootuser root 115 Feb 8 18:51 upload-import-sis-persons.sh
--rwxr-xr-x 1 csprootuser root 618 Feb 8 18:51 upload-objects.sh
--rwxr-xr-x 1 csprootuser root 116 Feb 8 18:51 upload-recompute-users.sh
--rwxr-xr-x 1 csprootuser root 126 Feb 8 18:51 upload-reconcile-grouper-groups.sh
-drwxr-xr-x 3 csprootuser root 47 Feb 8 18:51 webproxy
-drwxr-xr-x 2 csprootuser root 24 Feb 8 18:51 wordpress_data
-drwxr-xr-x 4 csprootuser root 69 Feb 8 18:51 wordpress_server
-
-[csprootuser@ip-172-31-34-254 Workbench]$ cat after-installation.sh
-
-#!/bin/bash
-
-B='\033[1;33m'
-N='\033[0m'
-
-echo -e "${B} * Uploading objects...${N}"
-$(dirname "$0")/upload-objects.sh
-
-echo -e "${B} * Testing resources...${N}"
-$(dirname "$0")/test-resources.sh
-
-echo -e "${B} * Recomputing Grouper admin group and user object...${N}"
-$(dirname "$0")/recompute.sh
-
-echo -e "${B} * Done${N}"
-[csprootuser@ip-172-31-34-254 Workbench]$
-```
-upload-objects script uploads all
-
-
-*- bring up cloned workbench from khazelton.workbench.incommon.org on wasabi =*
-
-tar -czvf csp-tap.tar.gz csp-tap
-- - -
-_2023-02-08 12:59:00 PaulC revives khazelton.workbench.incommon.org_
-
-- - -
-_2022-12-19 13:39:33 develop plans for perf. analysis_
-
-Work with 'official' workbench instance (Thanks, PaulC):
-https://khazelton.workbench.incommon.org +
-ssh csprootuser@khazelton.workbench.incommon.org +
-T3sting123! +
-/csp-tap/InCommonTAP-Examples/Workbench
-
-created csp-tap.tar.gz and scp'd to MBProMax:~/opt/non.adoc/ +
-
-copy to aktis.org on Linode 48Gb; docker compose up,
-
-- - -
-_2022-12-14 08:56:13 performance analysis metrics_
-
-follow workbench local install steps: https://spaces.at.internet2.edu/x/NBh9Dg
-
-docker ps to show running containers
-
-*Import task* in midPoint admin screen open 'server tasks', 'import tasks', select 'SIS full import', 'Performance' for timing information
-
-then 'Internal performance'
-
-scroll page to 'Repository performance information', one row per type of repository operation
-
-scroll page to 'Methods performance information', one row per type of method call
-
-*Recomputation task*
-
-'server tasks', 'recomputation tasks', 'User recomputation', 'performance', 'internal performance' for timing information, see 'provisioning' and 'mapping' tables near bottom; Note User Template mapping role.'
-
-'Configuration', 'Object templates', 'User template', 'edit raw' (or drill down on elements)
-
-
-
-
-
-
-
-
-
-for operation and method details, see javadoc and schemadoc:
-
-https://evolveum.com/download/
-
-https://evolveum.com/download/4-6-baumgarten/, view or download
-
-- - -
-_2022-12-13 16:40:18 fresh install of TAP workbench on xps_
-
-```
-git clone https://github.internet2.edu/internet2/InCommonTAP-Examples.git
-cd Workbench
-docker-compose up --build -d
-```
-- - -
-_2022-10-05 19:15 workbench references and links_
-
-https://spaces.at.internet2.edu/display/TAPW
- <- new users start here +
-https://github.internet2.edu/internet2/InCommonTAP-Examples/tree/main/Workbench +
-https://spaces.at.internet2.edu/display/MID/Grouper+integration+demo +
-
-- - -
-_2022-09-29 21:28 workbench build on aktis.org_
-
-
-https://spaces.at.internet2.edu/display/MID/Grouper+integration+demo
-
-- - -
-_2022-02-14 12:17 mP Studio to workbench on aktis.org_
-
-Studio connection config:
-name: Aktis +
-url: https://aktis.org/midpoint +
-ignore SSL errors: checked
-
-` mP v4.4 +
-` native postgres repo +
-
-- - -
-_2022-01-22 14:15 full workbench deployment on aktis.org_
-
-Theres a minor version upgrade on that city-fan.org rpm; Here’s the webproxy Dockerfile section that worked for me :*
-```
-#install updated curl (for --data-raw)
-RUN rpm -Uvh http://www.city-fan.org/ftp/contrib/yum-repo/rhel7/x86_64/city-fan.org-release-2-2.rhel7.noarch.rpm
-RUN yum-config-manager --enable city-fan.org
-RUN yum update curl -y
-```
-note release-2.2 instead of release-2.1 :*
-
-Also commented out the following in Workbench/comanage/Dockerfile; fixed build error and no detectable issues so far :*
-```
-#RUN yum -y update && yum -y install --setopt=tsflags=nodocs epel-release python-pip && pip install --upgrade pip
-```
-With the new Postgres-based midPoint repo, The workbench sql admin link no longer has access to mP data;
-DbSchema connection workaround: user midpoint pw WJzesbe3poNZ91qIbmR7
-
-
-- - -
-_2021-12-10 15:08 workbench w/o COmanage on xps_
-
-```
-kh@xps:~/opt/InCommonTAP-Examples-2021-06-18/Workbench$
-
--rw-rw-r-- 1 kh kh 1293 Dec 10 14:38 comanage-doc-cmpse-snippet.yml <- saved excised bits
--rw-rw-r-- 1 kh kh 14577 Dec 10 14:38 doc-cmpose-no-comanage.yml <- Workbench w/o COmanage
-
-docker-compose -f doc-cmpose-no-comanage.yml up --build -d
-```
-
-- - -
-_2021-10-24 11:55 workbench grouper db_
-
-```
-mysql -u root -h localhost
-
-Database changed
-MariaDB [grouper]> show tables;
-+--------------------------------+
-| Tables_in_grouper |
-+--------------------------------+
-| grouper_QZ_BLOB_TRIGGERS |
-| grouper_QZ_CALENDARS |
-| grouper_QZ_CRON_TRIGGERS |
-| grouper_QZ_FIRED_TRIGGERS |
-| grouper_QZ_JOB_DETAILS |
-| grouper_QZ_LOCKS |
-| grouper_QZ_PAUSED_TRIGGER_GRPS |
-| grouper_QZ_SCHEDULER_STATE |
-| grouper_QZ_SIMPLE_TRIGGERS |
-| grouper_QZ_SIMPROP_TRIGGERS |
-| grouper_QZ_TRIGGERS |
-| grouper_attr_asn_asn_attrdef_v |
-| grouper_attr_asn_asn_efmship_v |
-| grouper_attr_asn_asn_group_v |
-| grouper_attr_asn_asn_member_v |
-| grouper_attr_asn_asn_mship_v |
-| grouper_attr_asn_asn_stem_v |
-| grouper_attr_asn_attrdef_v |
-| grouper_attr_asn_efmship_v |
-| grouper_attr_asn_group_v |
-| grouper_attr_asn_member_v |
-| grouper_attr_asn_mship_v |
-| grouper_attr_asn_stem_v |
-| grouper_attr_assign_action |
-| grouper_attr_assign_action_set |
-| grouper_attr_assn_action_set_v |
-| grouper_attr_def_name_set_v |
-| grouper_attr_def_priv_v |
-| grouper_attribute_assign |
-| grouper_attribute_assign_value |
-| grouper_attribute_def |
-| grouper_attribute_def_name |
-| grouper_attribute_def_name_set |
-| grouper_attribute_def_scope |
-| grouper_audit_entry |
-| grouper_audit_entry_v |
-| grouper_audit_type |
-| grouper_aval_asn_asn_attrdef_v |
-| grouper_aval_asn_asn_efmship_v |
-| grouper_aval_asn_asn_group_v |
-| grouper_aval_asn_asn_member_v |
-| grouper_aval_asn_asn_mship_v |
-| grouper_aval_asn_asn_stem_v |
-| grouper_aval_asn_attrdef_v |
-| grouper_aval_asn_efmship_v |
-| grouper_aval_asn_group_v |
-| grouper_aval_asn_member_v |
-| grouper_aval_asn_mship_v |
-| grouper_aval_asn_stem_v |
-| grouper_cache_instance |
-| grouper_cache_overall |
-| grouper_change_log_consumer |
-| grouper_change_log_entry |
-| grouper_change_log_entry_temp |
-| grouper_change_log_entry_v |
-| grouper_change_log_type |
-| grouper_composites |
-| grouper_composites_v |
-| grouper_config |
-| grouper_ddl |
-| grouper_ddl_worker |
-| grouper_ext_subj |
-| grouper_ext_subj_attr |
-| grouper_ext_subj_invite_v |
-| grouper_ext_subj_v |
-| grouper_fields |
-| grouper_file |
-| grouper_group_set |
-| grouper_groups |
-| grouper_groups_v |
-| grouper_loader_log |
-| grouper_members |
-| grouper_memberships |
-| grouper_memberships_all_v |
-| grouper_memberships_lw_v |
-| grouper_memberships_v |
-| grouper_message |
-| grouper_mship_attrdef_lw_v |
-| grouper_mship_stem_lw_v |
-| grouper_password |
-| grouper_password_recently_used |
-| grouper_perms_all_v |
-| grouper_perms_assigned_role_v |
-| grouper_perms_role_subject_v |
-| grouper_perms_role_v |
-| grouper_pit_attr_asn_value_v |
-| grouper_pit_attr_assn_actn |
-| grouper_pit_attr_assn_actn_set |
-| grouper_pit_attr_assn_value |
-| grouper_pit_attr_def_name |
-| grouper_pit_attr_def_name_set |
-| grouper_pit_attribute_assign |
-| grouper_pit_attribute_def |
-| grouper_pit_config |
-| grouper_pit_fields |
-| grouper_pit_group_set |
-| grouper_pit_groups |
-| grouper_pit_members |
-| grouper_pit_memberships |
-| grouper_pit_memberships_all_v |
-| grouper_pit_memberships_lw_v |
-| grouper_pit_mship_attr_lw_v |
-| grouper_pit_mship_group_lw_v |
-| grouper_pit_mship_stem_lw_v |
-| grouper_pit_perms_all_v |
-| grouper_pit_perms_role_subj_v |
-| grouper_pit_perms_role_v |
-| grouper_pit_role_set |
-| grouper_pit_stems |
-| grouper_recent_mships_conf |
-| grouper_recent_mships_conf_v |
-| grouper_recent_mships_load_v |
-| grouper_role_set |
-| grouper_role_set_v |
-| grouper_roles_v |
-| grouper_rpt_composites_v |
-| grouper_rpt_group_field_v |
-| grouper_rpt_groups_v |
-| grouper_rpt_members_v |
-| grouper_rpt_roles_v |
-| grouper_rpt_stems_v |
-| grouper_rules_v |
-| grouper_service_role_v |
-| grouper_stem_set |
-| grouper_stem_set_v |
-| grouper_stems |
-| grouper_stems_v |
-| grouper_sync |
-| grouper_sync_group |
-| grouper_sync_job |
-| grouper_sync_log |
-| grouper_sync_member |
-| grouper_sync_membership |
-| grouper_table_index |
-| grouper_time |
-| subject |
-| subjectattribute |
-+--------------------------------+
-137 rows in set (0.00 sec)
-
-MariaDB [grouper]> select * from subject limit 14;
-Empty set (0.01 sec)
-
-MariaDB [grouper]> select * from grouper_fields limit 14;
-+----------------------------------+--------------------+----------------+--------------+-----------------+--------------------------+----------------------------------+
-| id | name | read_privilege | type | write_privilege | hibernate_version_number | context_id |
-+----------------------------------+--------------------+----------------+--------------+-----------------+--------------------------+----------------------------------+
-| 00581a894b494eec9e93be4cdd891993 | admins | admin | access | admin | 0 | 9d3d6b5bd99143afb05dfd99561696b8 |
-| 0b3161a3680c48c1b722a72f8b1c40bc | optouts | update | access | update | 0 | b50240e5effa4361b71323e9d5c9a7bc |
-| 0de8af51ad544fa6a213732a8c542823 | attrViewers | attrAdmin | attributeDef | attrAdmin | 0 | 2e3af4d1b75e4c78be189244930a709d |
-| 0e40442e4ac243d794d04358325520bc | attrDefAttrReaders | attrAdmin | attributeDef | attrAdmin | 0 | 381e2cd6786d4d8e90d0f7d77b32da67 |
-| 255fc7e133054b878b2d4c01bfd93165 | stemAdmins | stemAdmin | naming | stemAdmin | 0 | 97a0cf8dcf0a43b3a94d50befcb1eb5c |
-| 305e62bf85884c37967eb98524fe57c2 | groupAttrReaders | admin | access | admin | 0 | 34764af8cdb4418c839cab5517db852a |
-| 3376e64ec7554ed19b3ba0b87f1f6171 | updaters | admin | access | admin | 0 | 7c217bb5a38d433380b588c1aff55199 |
-| 409d78778bd64cfabd29c95d722262cc | viewers | admin | access | admin | 0 | 1cd07b69154349adb196d7d377ec9700 |
-| 5505ba72967646d2a40c0c911be77dd9 | members | read | list | update | 0 | 15935366dcfe4055b4d9fdea6f2fd67b |
-| 6babafbabdda4ec6ba5386304c1879e0 | attrAdmins | attrAdmin | attributeDef | attrAdmin | 0 | 0fe8cd3b8e6d4c78b892b5e8dc3c6e65 |
-| 751c7601cf744b7480d4e3934e0ba11b | creators | stemAdmin | naming | stemAdmin | 0 | b68c0fbd145d4e0796951be3e554982f |
-| 777e45bfe8b444d981b5847f5b747666 | stemAttrUpdaters | stemAdmin | naming | stemAdmin | 0 | 83a836278c3a43d89da880722bab8321 |
-| 7b6fe32054c948c1bdb3c807e78ea7f0 | attrUpdaters | attrAdmin | attributeDef | attrAdmin | 0 | 743c6154207d406493efaa81e59ce450 |
-| 8c90a53d88db4b0682531fc757150c75 | attrOptouts | attrUpdate | attributeDef | attrUpdate | 0 | 22f55fe926be4fbaae91221ffee0a6b5 |
-+----------------------------------+--------------------+----------------+--------------+-----------------+--------------------------+----------------------------------+
-14 rows in set (0.00 sec)
-
-MariaDB [grouper]> select * from grouper_stems limit 104;
-+----------------------------------+----------------------------------+-----------------------------------------------------------------+-----------------------------------------------------------------+----------------------------------+---------------+----------------------------------+---------------+-------------------------------+-------------------------------+---------------------------------------------------------------------------------------------------------------------------------+------------------------+----------------+--------------------------+----------------------------------+----------+
-| id | parent_stem | name | display_name | creator_id | create_time | modifier_id | modify_time | display_extension | extension | description | last_membership_change | alternate_name | hibernate_version_number | context_id | id_index |
-+----------------------------------+----------------------------------+-----------------------------------------------------------------+-----------------------------------------------------------------+----------------------------------+---------------+----------------------------------+---------------+-------------------------------+-------------------------------+---------------------------------------------------------------------------------------------------------------------------------+------------------------+----------------+--------------------------+----------------------------------+----------+
-| 014a2040fc904c3f951c1ca39420fc01 | 1460b18ad220413a8b10958132304f0f | org | org | fdcb408c3a6947af8998427de915554b | 1634338885378 | NULL | 0 | org | org | NULL | NULL | NULL | 0 | 38979be0d56c4a71b6b6d4f248160bdd | 10035 |
-| 01a4b89a238d4b4a8b454d2097a23c98 | 9c32917c44704f3482c15b2a21dae483 | etc:attribute:userData | etc:attribute:userData | fdcb408c3a6947af8998427de915554b | 1634338866726 | fdcb408c3a6947af8998427de915554b | 1634338866740 | userData | userData | folder for built in Grouper user data attributes | NULL | NULL | 1 | 6474b2b0ea324ed09e6386980aae1f70 | 10028 |
-| 0c771c8fc20c44ff9bea428de431c69a | 1460b18ad220413a8b10958132304f0f | basis | basis | fdcb408c3a6947af8998427de915554b | 1634338885076 | NULL | 0 | basis | basis | NULL | NULL | NULL | 0 | e42fd743bf454c9da6193f3a1afd623c | 10033 |
-| 1460b18ad220413a8b10958132304f0f | NULL | : | : | fdcb408c3a6947af8998427de915554b | 1634338856527 | NULL | 0 | : | : | NULL | NULL | NULL | 0 | NULL | 10000 |
-| 1c11cda521564c55a79edf33415f6672 | 9c32917c44704f3482c15b2a21dae483 | etc:attribute:attributeAutoCreate | etc:attribute:attributeAutoCreate | fdcb408c3a6947af8998427de915554b | 1634338859558 | fdcb408c3a6947af8998427de915554b | 1634338859578 | attributeAutoCreate | attributeAutoCreate | folder for attribute autocreate objects | NULL | NULL | 1 | 3b944866333c491ba94bc11dd400bc13 | 10009 |
-| 1edcbb78af7e4ed1a5b1603d8e66113f | f33f64d1396142b197743c7c63f0424b | etc:workflow | etc:workflow | fdcb408c3a6947af8998427de915554b | 1634338861348 | fdcb408c3a6947af8998427de915554b | 1634338861366 | workflow | workflow | folder for built in Grouper workflow attributes | NULL | NULL | 1 | 3d82f69836d545c198e47ab46e0cdd5f | 10017 |
-| 2af661d6825b4b489c22b073a51f3859 | 9c32917c44704f3482c15b2a21dae483 | etc:attribute:recentMemberships | etc:attribute:recentMemberships | fdcb408c3a6947af8998427de915554b | 1634338868207 | fdcb408c3a6947af8998427de915554b | 1634338868224 | recentMemberships | recentMemberships | folder for built in Grouper recent memberships objects | NULL | NULL | 1 | 6ba456a95c9440ef8877c9b5bbf859fe | 10030 |
-| 2bc1bb91da274980aa5754040a5a76a2 | f33f64d1396142b197743c7c63f0424b | etc:deprovisioning | etc:deprovisioning | fdcb408c3a6947af8998427de915554b | 1634338857873 | fdcb408c3a6947af8998427de915554b | 1634338857898 | deprovisioning | deprovisioning | folder for built in Grouper deprovisioning objects | NULL | NULL | 1 | 0f6604c953a246608bb1769849f78710 | 10003 |
-| 2c1543b8b0b04038ba944c7c78b9d49d | 52c8c0a28f8f46eea176d7f570da05ba | ref:dept | ref:dept | fdcb408c3a6947af8998427de915554b | 1634339551497 | NULL | 0 | dept | dept | NULL | NULL | NULL | 0 | 5cfc87334b544c869d95bfbf9324533d | 10052 |
-| 4512b03eb56541edab2301161070874d | f33f64d1396142b197743c7c63f0424b | etc:objectTypes | etc:objectTypes | fdcb408c3a6947af8998427de915554b | 1634338861066 | fdcb408c3a6947af8998427de915554b | 1634338861084 | objectTypes | objectTypes | folder for built in Grouper types objects | NULL | NULL | 1 | 7d87b11921a04b389a986a92757a34c6 | 10016 |
-| 49670d8066ce4494a60d9cd8006de8be | 9c32917c44704f3482c15b2a21dae483 | etc:attribute:entities | etc:attribute:entities | fdcb408c3a6947af8998427de915554b | 1634338867056 | fdcb408c3a6947af8998427de915554b | 1634338867074 | entities | entities | folder for built in Grouper entities attributes | NULL | NULL | 1 | 483ecd3a28664561b0473ee48ce85915 | 10029 |
-| 52c8c0a28f8f46eea176d7f570da05ba | 1460b18ad220413a8b10958132304f0f | ref | ref | fdcb408c3a6947af8998427de915554b | 1634338885705 | NULL | 0 | ref | ref | NULL | NULL | NULL | 0 | 5b460accd455492a85a93ce2c9cf1821 | 10037 |
-| 55b6131823804d19a40da15b6fc556f2 | f33f64d1396142b197743c7c63f0424b | etc:legacy | etc:legacy | fdcb408c3a6947af8998427de915554b | 1634338859484 | NULL | 0 | legacy | legacy | NULL | NULL | NULL | 0 | 5b4b76dfa46945dc8df85d660063b302 | 10006 |
-| 56212d6b7f574006bbc62b7ba18257fb | f33f64d1396142b197743c7c63f0424b | etc:grouperUi | etc:grouperUi | fdcb408c3a6947af8998427de915554b | 1634341563414 | NULL | 0 | grouperUi | grouperUi | NULL | NULL | NULL | 0 | 14ee0ec47510473f9cfc6402cc809921 | 10063 |
-| 5846ebcdd815468e8c0404a813b793d8 | dd73523792b7421fa0f349bb836ad1b1 | etc:attribute:messages:grouperMessageTopics | etc:attribute:messages:grouperMessageTopics | fdcb408c3a6947af8998427de915554b | 1634338860405 | fdcb408c3a6947af8998427de915554b | 1634338860425 | grouperMessageTopics | grouperMessageTopics | folder for message topics, add a permission here for a topic, imply queues by the topic | NULL | NULL | 1 | 53adc0c00e334a0ab2b51065e81510be | 10012 |
-| 5e10f8faf1d7454690efc2d421c55ff9 | f33f64d1396142b197743c7c63f0424b | etc:usdu | etc:usdu | fdcb408c3a6947af8998427de915554b | 1634338859254 | fdcb408c3a6947af8998427de915554b | 1634338859273 | usdu | usdu | folder for built in Grouper usdu objects | NULL | NULL | 1 | e79643256df3486a8a060f5124745489 | 10005 |
-| 5f7ebf561aae43f493670d8318df319d | f33f64d1396142b197743c7c63f0424b | etc:provisioning | etc:provisioning | fdcb408c3a6947af8998427de915554b | 1634338858891 | fdcb408c3a6947af8998427de915554b | 1634338858909 | provisioning | provisioning | folder to store attribute defs and names for provisioning in ui | NULL | NULL | 1 | 332d999ee7b241d4b90ee0d180338763 | 10004 |
-| 6676add5fbc545f483760fa62051a72d | 9c32917c44704f3482c15b2a21dae483 | etc:attribute:attrLoader | etc:attribute:attrLoader | fdcb408c3a6947af8998427de915554b | 1634338864732 | fdcb408c3a6947af8998427de915554b | 1634338864750 | attrLoader | attrLoader | folder for built in Grouper loader attributes | NULL | NULL | 1 | 78bb88f08fc24d29ad947840f72838e3 | 10022 |
-| 70179d3d43594d5eb4360c695c58ab8f | 7b57c6cc59004da3a32e3cc2d09873b7 | etc:attribute:instrumentationData:instrumentationDataInstances | etc:attribute:instrumentationData:instrumentationDataInstances | fdcb408c3a6947af8998427de915554b | 1634338866324 | fdcb408c3a6947af8998427de915554b | 1634338866338 | instrumentationDataInstances | instrumentationDataInstances | folder for Grouper instances | NULL | NULL | 1 | fa82194312634d31be8a5f8aeaf26e64 | 10026 |
-| 7805f6ecdaa94b1c8edee6307ce01448 | 1460b18ad220413a8b10958132304f0f | bundle | bundle | fdcb408c3a6947af8998427de915554b | 1634338885246 | NULL | 0 | bundle | bundle | NULL | NULL | NULL | 0 | 7ec9f0cf8cd14945889ba78cd9f05c66 | 10034 |
-| 7b57c6cc59004da3a32e3cc2d09873b7 | 9c32917c44704f3482c15b2a21dae483 | etc:attribute:instrumentationData | etc:attribute:instrumentationData | fdcb408c3a6947af8998427de915554b | 1634338866294 | fdcb408c3a6947af8998427de915554b | 1634338866309 | instrumentationData | instrumentationData | folder for built in Grouper instrumentation data attributes | NULL | NULL | 1 | 79ac1ee0b30c41078ec2e993237b4d6b | 10025 |
-| 7c3ead9716394dd5b1d665553d62b411 | f33f64d1396142b197743c7c63f0424b | etc:reportConfig | etc:reportConfig | fdcb408c3a6947af8998427de915554b | 1634338862536 | fdcb408c3a6947af8998427de915554b | 1634338862554 | reportConfig | reportConfig | folder for Grouper report config | NULL | NULL | 1 | 6b743da5e18e44a39b64450432afa3a3 | 10018 |
-| 7fb87d1ea78c4d7d8b05d755f96ebc5b | 837f5eb3402649fea5e6077c9fdfd1b0 | app:wordpress | app:wordpress | fdcb408c3a6947af8998427de915554b | 1634338887511 | NULL | 0 | wordpress | wordpress | NULL | NULL | NULL | 0 | 5cfef8378815412abb0131f2f81cfe9e | 10040 |
-| 81a1c073c1da471b8bf26ae7e4e005fb | 9c32917c44704f3482c15b2a21dae483 | etc:attribute:upgradeTasks | etc:attribute:upgradeTasks | fdcb408c3a6947af8998427de915554b | 1634338865856 | fdcb408c3a6947af8998427de915554b | 1634338865883 | upgradeTasks | upgradeTasks | folder for upgrade tasks objects | NULL | NULL | 1 | 51ddf240660344e284fc572e34f2e184 | 10024 |
-| 837f5eb3402649fea5e6077c9fdfd1b0 | 1460b18ad220413a8b10958132304f0f | app | app | fdcb408c3a6947af8998427de915554b | 1634338884634 | NULL | 0 | app | app | NULL | NULL | NULL | 0 | 6080bed7b10c4e60afac6df510f9df3a | 10032 |
-| 8ba2d52d5725439a89b4e7892e1188d0 | 9c32917c44704f3482c15b2a21dae483 | etc:attribute:attestation | etc:attribute:attestation | fdcb408c3a6947af8998427de915554b | 1634338860487 | fdcb408c3a6947af8998427de915554b | 1634338860503 | attestation | attestation | folder for built in Grouper attestation attributes | NULL | NULL | 1 | 8f78bb229dc24ff9b131da393d0b5434 | 10014 |
-| 8c7c8ac9004246688cd181c0c142ca70 | 1460b18ad220413a8b10958132304f0f | test | test | fdcb408c3a6947af8998427de915554b | 1634338885549 | NULL | 0 | test | test | NULL | NULL | NULL | 0 | 45138af0d2cb49ee806e155a9948ccaf | 10036 |
-| 91d0b37f0cc240088a08a9844f13f5c1 | 9c32917c44704f3482c15b2a21dae483 | etc:attribute:customUi | etc:attribute:customUi | fdcb408c3a6947af8998427de915554b | 1634338860905 | fdcb408c3a6947af8998427de915554b | 1634338860921 | customUi | customUi | folder for Grouper custom UI attributes | NULL | NULL | 1 | 1e69f11417e14daf84b2bbf27c225122 | 10015 |
-| 97dbe2ebdd2b4252a9996bd89a98848a | 55b6131823804d19a40da15b6fc556f2 | etc:legacy:attribute | etc:legacy:attribute | fdcb408c3a6947af8998427de915554b | 1634338859504 | fdcb408c3a6947af8998427de915554b | 1634338859520 | attribute | attribute | Folder for legacy attributes. Do not delete. | NULL | NULL | 1 | b40b236f3dc540b789298902ce29d3f4 | 10007 |
-| 9ac0d028bf5b4bd9b4284c7a065e7e63 | 52c8c0a28f8f46eea176d7f570da05ba | ref:affiliation | ref:affiliation | fdcb408c3a6947af8998427de915554b | 1634338886062 | NULL | 0 | affiliation | affiliation | NULL | NULL | NULL | 0 | b70577c94ad84c2895d68f82b7d902df | 10039 |
-| 9be16f90a959459eb3c1ab10c328f93b | dd73523792b7421fa0f349bb836ad1b1 | etc:attribute:messages:grouperMessageQueues | etc:attribute:messages:grouperMessageQueues | fdcb408c3a6947af8998427de915554b | 1634338860448 | fdcb408c3a6947af8998427de915554b | 1634338860469 | grouperMessageQueues | grouperMessageQueues | folder for message queues, add a permission here for a queue, implied queues by the topic | NULL | NULL | 1 | e52d894774fc4a819d0deee86a0a9e40 | 10013 |
-| 9c32917c44704f3482c15b2a21dae483 | f33f64d1396142b197743c7c63f0424b | etc:attribute | etc:attribute | fdcb408c3a6947af8998427de915554b | 1634338859538 | NULL | 0 | attribute | attribute | NULL | NULL | NULL | 0 | 0be82f44d8e6482d8854ee10e6a3010b | 10008 |
-| a35549a8c04f46d68def2766810e682b | 52c8c0a28f8f46eea176d7f570da05ba | ref:course | ref:course | fdcb408c3a6947af8998427de915554b | 1634338885867 | NULL | 0 | course | course | NULL | NULL | NULL | 0 | e19df33ec9ab495eb931d1f32b0cd9e1 | 10038 |
-| ac4d6965296a4b45a1cb31b95ffa262d | 9c32917c44704f3482c15b2a21dae483 | etc:attribute:permissionLimits | etc:attribute:permissionLimits | fdcb408c3a6947af8998427de915554b | 1634338864339 | fdcb408c3a6947af8998427de915554b | 1634338864359 | permissionLimits | permissionLimits | folder for built in Grouper permission limits | NULL | NULL | 1 | e6b1ef21ffe248a3849a319b39a3b85f | 10021 |
-| accc53ee36234bc5a4b67876d382e595 | 7b57c6cc59004da3a32e3cc2d09873b7 | etc:attribute:instrumentationData:instrumentationDataCollectors | etc:attribute:instrumentationData:instrumentationDataCollectors | fdcb408c3a6947af8998427de915554b | 1634338866353 | fdcb408c3a6947af8998427de915554b | 1634338866370 | instrumentationDataCollectors | instrumentationDataCollectors | folder for Grouper collectors | NULL | NULL | 1 | 3245755396314e12a4de7f80f3005b7a | 10027 |
-| b27a309d5e2b4a0291cc421ca4911f78 | 9c32917c44704f3482c15b2a21dae483 | etc:attribute:loaderLdap | etc:attribute:loaderLdap | fdcb408c3a6947af8998427de915554b | 1634338865090 | fdcb408c3a6947af8998427de915554b | 1634338865106 | loaderLdap | loaderLdap | folder for built in Grouper loader ldap attributes | NULL | NULL | 1 | ef95069f96ad4f15b0761648d239351f | 10023 |
-| bd7a98efa41f4bf3b0814f4a1d6bfc75 | 9c32917c44704f3482c15b2a21dae483 | etc:attribute:rules | etc:attribute:rules | fdcb408c3a6947af8998427de915554b | 1634338863675 | fdcb408c3a6947af8998427de915554b | 1634338863700 | rules | rules | folder for built in Grouper rules attributes | NULL | NULL | 1 | bf6e74daf89f48c792779b2a901c34da | 10020 |
-| d687641d7a794177a2e2d092f773bcfe | 837f5eb3402649fea5e6077c9fdfd1b0 | app:mailinglist | app:mailinglist | fdcb408c3a6947af8998427de915554b | 1634338888263 | NULL | 0 | mailinglist | mailinglist | NULL | NULL | NULL | 0 | 89b9e2d7b5f2461eaadc1754a03e8ef7 | 10041 |
-| dd73523792b7421fa0f349bb836ad1b1 | 9c32917c44704f3482c15b2a21dae483 | etc:attribute:messages | etc:attribute:messages | fdcb408c3a6947af8998427de915554b | 1634338860167 | fdcb408c3a6947af8998427de915554b | 1634338860191 | messages | messages | folder for message queues and topics, topic to queue relationships and permissions | NULL | NULL | 1 | 559972ebd6964d84a0bc0fedae698af4 | 10011 |
-| f2fee1cee0874093ab97a7217a2f16e8 | 9c32917c44704f3482c15b2a21dae483 | etc:attribute:attrExternalSubjectInvite | etc:attribute:attrExternalSubjectInvite | fdcb408c3a6947af8998427de915554b | 1634338859759 | fdcb408c3a6947af8998427de915554b | 1634338859776 | attrExternalSubjectInvite | attrExternalSubjectInvite | folder for built in external subject invite attributes, and holds the data via attributes for invites. Dont delete this folder | NULL | NULL | 1 | 1e814611f53e42fe8f364a8e6f23e3e4 | 10010 |
-| f33f64d1396142b197743c7c63f0424b | 1460b18ad220413a8b10958132304f0f | etc | etc | fdcb408c3a6947af8998427de915554b | 1634338857266 | NULL | 0 | etc | etc | NULL | NULL | NULL | 0 | 32ab050195cd4d44a963ec78e36a1399 | 10002 |
-| fadfdc6f3df04824b861fcdd1c093edb | 9c32917c44704f3482c15b2a21dae483 | etc:attribute:loaderMetadata | etc:attribute:loaderMetadata | fdcb408c3a6947af8998427de915554b | 1634338863428 | fdcb408c3a6947af8998427de915554b | 1634338863449 | loaderMetadata | loaderMetadata | folder for built in Grouper Loader Metadata attributes | NULL | NULL | 1 | 7dd430afcea44319b484546d203b4253 | 10019 |
-+----------------------------------+----------------------------------+-----------------------------------------------------------------+-----------------------------------------------------------------+----------------------------------+---------------+----------------------------------+---------------+-------------------------------+-------------------------------+---------------------------------------------------------------------------------------------------------------------------------+------------------------+----------------+--------------------------+----------------------------------+----------+
-42 rows in set (0.00 sec)
-
-MariaDB [grouper]> describe grouper_stems;
-+--------------------------+---------------+------+-----+---------+-------+
-| Field | Type | Null | Key | Default | Extra |
-+--------------------------+---------------+------+-----+---------+-------+
-| id | varchar(40) | NO | PRI | NULL | |
-| parent_stem | varchar(40) | YES | MUL | NULL | |
-| name | varchar(255) | NO | UNI | NULL | |
-| display_name | varchar(255) | NO | MUL | NULL | |
-| creator_id | varchar(40) | NO | MUL | NULL | |
-| create_time | bigint(20) | NO | MUL | NULL | |
-| modifier_id | varchar(40) | YES | MUL | NULL | |
-| modify_time | bigint(20) | YES | MUL | NULL | |
-| display_extension | varchar(255) | NO | MUL | NULL | |
-| extension | varchar(255) | NO | MUL | NULL | |
-| description | varchar(1024) | YES | | NULL | |
-| last_membership_change | bigint(20) | YES | MUL | NULL | |
-| alternate_name | varchar(255) | YES | MUL | NULL | |
-| hibernate_version_number | bigint(20) | YES | | NULL | |
-| context_id | varchar(40) | YES | MUL | NULL | |
-| id_index | bigint(20) | NO | UNI | NULL | |
-+--------------------------+---------------+------+-----+---------+-------+
-16 rows in set (0.00 sec)
-```
-
-
-- - -
-_2021-10-12 13:21 Workbench Wiki Site Map_
-
-https://spaces.at.internet2.edu/display/TAPW/InCommon+Trusted+Access+Platform+Workbench
- <- Workbench Entrypoint link. *Start here* +
-https://spaces.at.internet2.edu/x/-IKeCg
- <- Permanent link to Workbench Entrypoint +
-
-===== Links on that page:
-
-* "Curious to see what the workbench includes? Follow this link" https://spaces.at.internet2.edu/pages/viewpage.action?pageId=178160388"
-
-* "Launch your CSP Workbench Instance" https://spaces.at.internet2.edu/display/TAPW/Launch+Your+CSP+Workbench+Instance
-
-* "Choose from a graded selection of how-tos and case studies for the Workbench" https://spaces.at.internet2.edu/display/TAPW/Workbench+How-tos+and+Case+Studies
-
-** Starting simple
-
-*** The Workbench as a Realization of the TAP Reference Architecture
-
-** Basic Tasks
-
-*** "Connect a Student Information System to midPoint"
-
-*** "Configuring Near-Real Time Provisioning and DeProvisioning of Wordpress Administrators"
-
-** End-to-End Case Studies
-
-*** "See the Workbench Managing Access to Applications and Services" https://spaces.at.internet2.edu/display/MID/See+the+Workbench+Managing+Access+to+Applications+and+Services
-
-*** "Providing Identity and Access Management Services to Research Organizatiohn with COmanage" https://spaces.at.internet2.edu/display/TAPW/COmanage+Integration+and+Basic+Walkthrough
-
-.
-
-- - -
-_2021-09-29 11:00 More WB prep_
-
-Keith Hazelton 07:53
-
-Have a look at the current version of the Workbench wiki pages starting at
-https://spaces.at.internet2.edu/display/TAPW/InCommon+Trusted+Access+Platform+Workbench
-
-I’ve restructured the bottom half of the page in the hope that users will experience a smoother flow.
-
-To dig deeper, follow the three links near the bottom of that page, (edited)
-
-save links:
-https://spaces.at.internet2.edu/display/TAPW/COmanage+Integration+and+Basic+Walkthrough
-https://spaces.at.internet2.edu/display/TAPW/Workbench+Basic+Walkthrough
-
-
-The good mP admin walkthrough:
-Erin / Internet2 to Everyone (11:34)
-https://spaces.at.internet2.edu/display/MID/Getting+Started+with+the+InCommon+Trusted+Access+Platform+Workbench
-
-- - -
-
-CSP Work Bench CSPWB-53 Add a graded selection of how-to's and CSP case studies to the workbench
-Epic Link: WB How-tos and Tutorials
-In Progress
-
-- - -
-_2021-09-29 11:00 WB prep_
-
-https://spaces.at.internet2.edu/display/TAPW/InCommon+Trusted+Access+Platform+Workbench
- <- Start here +
-
-On that page, there is a section called "Running Your Own Workbench Instance". The link "Workbench Repository" point to
-https://github.internet2.edu/internet2/InCommonTAP-Examples/tree/main/Workbench
-
-Under "Getting Started with the Workbench", there is a "Visit Canvas" link that goes to https://learning.internet2.edu/courses/72/pages/workbench. The "Resources" section there contains a link back to the initial page labeled 'start here' above. That could be confusing. I recommend ditching the "Resources" section and replacing with a link to a TBD page, "Getting familiar with the Workbench" with a selection of case study walk-throughs.
-
-Back on the start here page,
-https://spaces.at.internet2.edu/pages/viewpage.action?pageId=178160388
- <- +
-Replace the "Getting +++<del>+++Started+++</del>+++ Familiar with the Various Uses of the Workbench" section, a link on that phrase that goes to the page with that title that has a graded selection of case study walk-throughs.
-
-"Getting Familiar with the Various Uses of the Workbench":
-
-- - -
-_2021-08-25 10:59 WB prep_
-
-Check getting started w Workbench wiki page ToC
-
-check CSP 2022 Calendar of Events gDoc
-
-30' overview of component, Slavek mP followed by related use case, Ethan UNC
-
-From MarkR on the 10th of August:
-
-"Folks - A quick update on the IAM Architecture Project. I am still working on narratives for two of the five use cases. My hope is to get the narratives finished and create the needed diagrams in the coming couple of weeks. Let me know there are comments or concerns."
-Let me know if you have additional questions or concerns."
-
-- - -
-_2021-08-18 13:15 WB prep_
-
-https://todos.internet2.edu/secure/RapidBoard.jspa?rapidView=157&selectedIssue=CSPWB-16
-
-https://spaces.at.internet2.edu/display/MID/Getting+Started+with+the+InCommon+Trusted+Access+Platform+Workbench
-
-- - -
-_2021-08-12 11:00 Future Evolution of Workbench_
-
-Let’s use this time to chat about the CSP workbench and changes for this program cycle:
-
-Review WB Wiki materials from last round.
-
-CSP Kickoff Sept. 16-17
-
-- Rolling it out earlier in the program
-- Documentation of features and cookbook (?)
-+ Teaching users how to use it (after Grouper training) and explain where touchpoints are
-- What to share in Kick Off (demo?)
-- Timing for all of this loveliness
-
-Thanks, all! Erin
-
-- - -
-_2021-07-22 12:46 Workbench rebuilt, restarted on aktis.org_
-
-service [apache2, postgresql] stop <- free up ports 80, 443, and 5432 for Workbench use
-
-clean and build from scratch
-```
-docker stop $(docker ps -a -q); docker rm $(docker ps -a -q); docker rmi $(docker images -q) --force; docker volume rm $(docker volume ls -q)
-
-cd ~/opt
-rm -rf InCommonTAP-Examples-current
-git clone git@github.internet2.edu:internet2/InCommonTAP-Examples.git
-cp -r InCommonTAP-Examples InCommonTAP-Examples-current
-mv InCommonTAP-Examples InCommonTAP-Examples-2021-07-22
-cd InCommonTAP-Examples-current/Workbench
-docker-compose up -d --build
-
-kh@localhost:~/opt/InCommonTAP-Examples-current/Workbench$ docker ps
-CONTAINER ID IMAGE- COMMAND CREATED STATUS PORTS NAMES
-15950f873005 workbench_comanage-cron "docker-comanage-cro…" 12 minutes ago Up 12 minutes (healthy) 80/tcp, 443/tcp workbench_comanage-cron_1
-932a78f87942 workbench_idp "/usr/bin/startup.sh" 12 minutes ago Up 12 minutes (healthy) 0.0.0.0:13443->443/tcp workbench_idp_1
-5014dc8aa914 workbench_comanage "docker-supervisord-…" 12 minutes ago Up 12 minutes (healthy) 80/tcp, 8080/tcp, 0.0.0.0:11443->443/tcp workbench_comanage_1
-86087354949c workbench_midpoint_server "/usr/local/bin/star…" 12 minutes ago Up 12 minutes (healthy) 80/tcp, 0.0.0.0:10443->443/tcp workbench_midpoint_server_1
-bec3babd203d workbench_grouper_ws "/usr/local/bin/entr…" 12 minutes ago Up 12 minutes (healthy) 80/tcp, 0.0.0.0:9443->443/tcp workbench_grouper_ws_1
-e515f8b56d42 workbench_grouper_ui "/usr/local/bin/entr…" 12 minutes ago Up 12 minutes (healthy) 80/tcp, 0.0.0.0:8443->443/tcp workbench_grouper_ui_1
-714b318c2a41 workbench_grouper_daemon "/usr/local/bin/entr…" 12 minutes ago Up 12 minutes (healthy) 80/tcp, 443/tcp workbench_grouper_daemon_1
-ddb5d3dbbbb0 workbench_wordpress_server "bash -c 'if [ ! -s …" 12 minutes ago Up 12 minutes (healthy) 0.0.0.0:80->80/tcp, 0.0.0.0:12443->443/tcp workbench_wordpress_server_1
-95a8369f86ac workbench_idp_ui "/usr/bin/supervisor…" 12 minutes ago Up 12 minutes (healthy) 0.0.0.0:8080->8080/tcp, 8443/tcp workbench_idp_ui_1
-aef18a2368de workbench_directory "/bin/sh -c 'rm -rf …" 12 minutes ago Up 12 minutes (healthy) 0.0.0.0:389->389/tcp, 443/tcp workbench_directory_1
-949e2d9dd6f4 tier/mariadb:mariadb10 "/opt/bin/start.sh" 12 minutes ago Up 12 minutes (healthy) 0.0.0.0:33306->3306/tcp workbench_midpoint_data_1
-a8810afeb95c workbench_wordpress_data "docker-entrypoint.s…" 12 minutes ago Up 12 minutes (healthy) 0.0.0.0:32770->3306/tcp workbench_wordpress_data_1
-22f3f5dba832 tier/mariadb:mariadb10.2 "/opt/bin/start.sh" 12 minutes ago Up 12 minutes (healthy) 0.0.0.0:33366->3306/tcp workbench_idp_ui_data_1
-8e99a7bf9092 workbench_comanage_data "/opt/bin/start.sh" 12 minutes ago Up 12 minutes (healthy) 0.0.0.0:23306->3306/tcp workbench_comanage_data_1
-95f57c5926f7 workbench_grouper_data "/usr/local/bin/entr…" 12 minutes ago Up 12 minutes (healthy) 80/tcp, 443/tcp, 0.0.0.0:3306->3306/tcp workbench_grouper_data_1
-21e32571a6f9 workbench_mq "/usr/local/bin/demo…" 12 minutes ago Up 12 minutes (healthy) 4369/tcp, 5671/tcp, 0.0.0.0:5672->5672/tcp, 15671/tcp, 25672/tcp, 0.0.0.0:15672->15672/tcp workbench_mq_1
-8d90968c78ea workbench_webproxy "/usr/local/bin/star…" 12 minutes ago Up 12 minutes (healthy) 80/tcp, 0.0.0.0:443->443/tcp workbench_webproxy_1
-c5852f1236c9 workbench_sources "/opt/bin/start.sh" 12 minutes ago Up 12 minutes (healthy) 0.0.0.0:13306->3306/tcp workbench_sources_1
-kh@localhost:~/opt/InCommonTAP-Examples-current/Workbench$
-```
-
-~30 minutes from code clone to running Workbench
-
-- - -
-_2021-04-28 17:13 Workbench rebuilt, restarted on aktis.org_
-
-https://aktis.org/
- <- Workbench jump page +
-
-- - -
-_2021-03-07 11:32 install CSP workbench on aktis.org_
-
-Success except that the midPoint server failed to start.
-
-edited Wordpress metadata to include hostname in SAML entityId
-
-SCIM use outbound howto: Jessica:
-
-ChrisHy
-
-AWS is connected by SCIM @ Penn groups, userinfo: name, email, id; to Sailpoint or to SQL; groups & memberships
-
-inconsistent support for Server capabilities
-
-Chris Hy: Grouper provision to mP via SCIM would be nice (but breaks the mP pull model)
- " "
- " "
- v v
-SCIM 'client' SCIM 'server'
-
-```
-ssh into the AWS host and do a
-docker-compose down
-git pull
-docker-compose up --build -d
-and freshen your instance without losing data
-```
-- - -
-_2021-01-07 11:00 workB touchbase_
-
-Erin Murtha to Everyone (11:32)
-One sec
-Erin Murtha to Everyone (11:37)
-Sand bench names: https://docs.google.com/document/d/1lvqMdLlPR7n-hc25y2kSj0G_pPHWntU4To0jNNV9PsI/edit
-https://docs.google.com/document/d/1lvqMdLlPR7n-hc25y2kSj0G_pPHWntU4To0jNNV9PsI/edit <- Jump Page
-
-- - -
-_2020-12-10 11:20 meetup_
-
-Here’s the page Slavek put up on Nov. 24. It has details on the Shibbing of midPoint supporting a simple configuration switch between Shib and Evolveum’s own SAML SP solution:
-https://spaces.at.internet2.edu/display/MID/Shibboleth+demo
- <- +
-
-https://docs.google.com/document/d/1FhPHPmaDo2-Co6vtWUJNjQ4hTlfRVPNNyOV3-RWQyH8/edit#heading=h.
- <- kickoff agenda
-
-Mike Mays to Erin: Oveall timeline--how much hands on can we expect?
-
-- - -
-_2020-12-10 09:18 Configure mP 4.2 to use Shibboleth for SAML_
- https://spaces.at.internet2.edu/display/MID/Shibboleth+demo
-
-- - -
-
-https://docs.evolveum.com/midpoint/studio/
-https://docs.google.com/document/d/1YldIXPkZLVkKpf_9xX1VqJMAUSBvSxeKZEx7FweTP-o/edit#heading=h.23shvvdgh9qg
- <- wB documentation & testing +
-SEE wasabi.adoc for local install
-
-next] Use U Del plan as an initial test case for campus integration
-
- export CSPHOSTNAME=localhost (xps, wasabi)
-
-https://github.internet2.edu/internet2/InCommonTAP-Examples
-
-- - -
-_2020-12-17 08:20:27 Prep for Workbench tutorials and how-tos_
-
-*Base URL*
- https://localhost/ csp/wb
-
-*admin user: banderson pw*
-
-* midPoint
-* Grouper
-* COmanage
-
-*admin/54y6RxN7GfC7aes3*
-
-* WordPress
-
-*LDAP, SQL, AMQP visibility*
-
-* RabbitMQ: guest/pw
-* LDAP Admin: cn=admin,dc=internet2,dc=edu / pw
-* SQL Admin
-
-*Shibboleth*
-
-* Grouper SP status page
-* midPoint SP status page
-* COmanage SP status page
-
-* IdP status page
-* UI for IdP config
-
-.
-
-- - -
-
-Paul Caskey 08:35
-We don't yet have a mail relay
-
-Keith Hazelton 08:36
-ahh, my mistake, I saw BillK mention email and jumped to conclusions
-
-Paul Caskey 08:37
-We'll get there... :slightly_smiling_face:
-
-Keith Hazelton 08:38
-I want to write up some instructions on using midPoint Studio for remote access to the container
-
-Paul Caskey 08:39
-Good idea!!
-
-Keith Hazelton 08:39
-Ppl would have to install that locally, but it's pretty straighforward
-They can use the Community edition of IntelliJ
-
-Paul Caskey 08:40
-That's what I use and it's works great for MP.
-
-Keith Hazelton 08:41
-It's so cool, all this stuff, it's like having IAM in a glass box--you can see how everything works
-:gift:
-
-Paul Caskey 08:42
-Yes and you can be risky because if you screw it up, then we just :shotgun:
-
-Bill Kaufman:monkey: 08:43
-Q: if you :shotgun: are LDAP and mysql etc. preserved?
-
-Keith Hazelton 08:46
-This is something commercial products would have real trouble replicating
-there's no profit to be made
-
-Bill Kaufman:monkey: 08:48
-Are you getting support from MikeG @pcaskey?
-
-Paul Caskey 09:14
-@khazelton On a local install, yes, they are typically preserved because, by default, docker-compose down doesn't delete volumes and that's where data is preserved. On our AWS installs, typically we just kill the node and let AWS spin up a new node, which does wipe the data. But, it's not hard to ssh into the AWS host and do a docker-compose down, then git pull, then docker-compose up --build -d and freshen your instance without losing data.
-
-@wkaufman A little. Apparently there's not much Pac4J knowledge to be had there. IMHO, we should be running the shibb SP with the IdP UI. We didn't want a weird SP with midPoimt, not sure why we'd want it with the IdP UI...
-
-Bill Kaufman:monkey: 09:17
-Then we should update the requirements
-
-Paul Caskey 09:20
-I have 5 issues with the IdP UI:
-If I enable their additional MetadataProvider in the IdP's services.xml, then no other metadata is loaded.
-Can't upload metadata from a URL (in the workbench) due to the UI insisting on java-based cert trust
-Can't upload metadata from a file due to an error in the UI (reported to Mike G)
-Can't get the SAML integration to work
-We'll need to use the API to pre-load metadata into the UI for the workbench. Would be nice to have some doc on what the various API calls are...
-
-Bill Kaufman:monkey: 09:22
-Ok, I would like to share this directly with Mike, Jj, Charise and SteveE to get input and refactor what we need to in the Work Segment. There have been several hanging chads they have not addressed. @chubing do you have anything to add?
-:no:
-1
-
-
-Keith Hazelton 09:30
-@pcaskey The jump page has links for the SP status pages for Grouper and midPoint; Could there be one for the COmanage status page, too, or is that an odd duck?
-
-Paul Caskey 09:34
-Yes, I'll add that right now
-
-Keith Hazelton 09:41
-What do you think of moving the Shib info down to the bottom of the jump page; That way we'd lead off with the main components. Just a thought
-I'd like to try configuring an LDAP connector that exposes the COmanage guest OU as another SoR resource.
-Shouldn't be too painful.
-
-Paul Caskey 09:47
-I already have such a resource, just haven't uploaded it yet since the LDAP stuff isn't there yet
-
-Keith Hazelton 09:47
-At least for now, it would be one-way: Guest OU to midPoint
-I see a guest ou with one user in it
-
-Paul Caskey 09:48
-basically a copy of what we have in IAM/ICP
-It's a dummy user from LDIF. Still working on the provisioning, etc
-
-Keith Hazelton 09:48
-Far be it from me to take work away from you, @pcaskey
-:smiley:
-
-Paul Caskey 09:49
-LOL
-Happy to change jump page in any way... Can you propose a list of links (and categories) from top down?
-BTW, the COmanage SP's status pg -> jump pg is merged now (edited)
-:beer:
-
-Keith Hazelton 09:50
-Sure. Wondering what to do about un/pw exposure; Is the basic auth enough to make us feel safe? Include on the jump page or create a separate cheat sheet? (edited)
-
-Paul Caskey 09:51
-It's a fine question... :wink:
-
-Ethan Kromhout 09:51
-I'll want to add a link to the wp-admin page, assuming I ever get wordpress fully working behind the proxy.
-:heavy_check_mark:
-
-Paul Caskey 09:52
-and I guess we should also add a link to the WP Shibb SP's status pg like we did the others
-:heavy_check_mark:
-
-- - -
-
-*Jump page*
-
-Welcome to the InCommon TAP Workbench!
-
-This is your own personal instance of the InCommon Trusted Access Platform Workbench.
-
-For complete documentation, see this page.
-
-The system contains the following TAP components (click the links to access each component in its own tab):
-
- Shibboleth IdP (4.0.1)
- Shibboleth IdP UI (1.7.0)
- Shibboleth SPs:
- Grouper SP (3.1.0)
- midPoint SP (3.1.0)
- Grouper (2.5.37)
- midPoint (4.2)
- COmanage (3.3.1)
-
-The system also contains the following downstream/target applications:
-
- WordPress
-
-In addition, the following applications are available:
-
- Rabbit MQ
- LDAP Admin
- SQL Admin
-
-- - -
-_2020-11-21 14:19 open issues with InCommonTAP-Examples/Workbench (Integrated TAP Component Package} on wasabi)_
-
-export CSPHOSTNAME=wasabi
-
-Original version of ../Workbench/upload-import-sis-persons.sh had library.bash in midPoint_container directory and the hostname was hardcoded to 'localhost' in library.bash
-
-Corrected version with library.bash in current directory and sed-settable hostname:
-
-change "source ../../library.bash" to "source library.bash"
-
-
-```
--rw-r--r-- 1 khazelton khazelton 23045 Nov 21 12:23 library.bash
--rw-r--r-- 1 khazelton khazelton 22950 Nov 21 11:36 library.bash.orig
--rw-r--r-- 1 khazelton khazelton 23045 Nov 21 12:31 library.bash.template
-
-../Workbench$ sed 's/__CSPHOSTNAME__/wasabi/g' library.bash.template > library.bash
-
-- - -
-
-cat upload-import-sis-persons.sh
-Shibboleth
-source library.bash
-midpoint-objects-manual/tasks/task-import-sis-persons.xml
-```
-
-./upload-import-sis-persons.sh fails with errors as it attempts to load each user
-
-```
-khazelton@wasabi:~/opt/InCommonTAP-Examples/Workbench$ ./upload-import-sis-persons.sh
-
-Uploading midpoint-objects-manual/tasks/task-import-sis-persons.xml (tasks, 22c2a3d0-0961-4255-9eec-c550a79aeaaa)
-<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
-<html><head>
-<title>405 Method Not Allowed</title>
-</head><body>
-<h1>Method Not Allowed</h1>
-<p>The requested method PUT is not allowed for the URL /midpoint/ws/rest/tasks/22c2a3d0-0961-4255-9eec-c550a79aeaaa.</p>
-</body>
-</html>
-```
-The upload file function being called; Note that I changed the curl command from 'localhost' to 'wasabi'
-```
-
-function upload_from_file () {
- local FILENAME=$1
- local OPTIONS_TO_ADD=$2
- local REGEX="midpoint-objects.*/(.*)/(.*)"
- if [[ $FILENAME =~ $REGEX ]]
- then
- TYPE="${BASH_REMATCH[1]}"
- OID=`cat $FILENAME | sed -n 's:.*oid=\"\([A-Za-z0-9\-]*\)\".*:\1:p' | sed -n '1 p'`
- echo "Uploading $FILENAME ($TYPE, $OID)"
- curl -k --user administrator:5ecr3t -H "Content-Type: application/xml" -X PUT "https://wasabi:8443/midpoint/ws/rest/$TYPE/$OID?options=overwrite$OPTIONS_TO_ADD" --data-binary @$FILENAME
- else
- echo "Skipping $FILENAME"
- fi
-}
-```
-But with 4.2 version straight from internet2 repo running on xps, that script runs successfully and imports 100 students as users
-
-- - -
-_2020-11-20 13:58 WB meeting: PaulC showing WB_
-
-```
-CSPHOSTNAME=abc.workbench.incommon.org
-
-https://abc.workbench.incommon.org <- tests can be run here until further notice
-
-ssh csprootuser@abc.workbench.incommon.org
-T3sting123!
-
-cat /etc/os-release
-
-NAME="Amazon Linux"
-VERSION="2"
-ID="amzn"
-ID_LIKE="centos rhel fedora"
-VERSION_ID="2"
-PRETTY_NAME="Amazon Linux 2"
-ANSI_COLOR="0;33"
-CPE_NAME="cpe:2.3:o:amazon:amazon_linux:2"
-HOME_URL="https://amazonlinux.com/"
-
-cat /csp-tap/InCommonTAP-Examples/README.md
-
-# InCommonTAP-Examples
-Contains example uses of the InCommon Trusted Access Platform components working together
-
-Below are the names/ports that the components in the demos will use. Not all demos use all components.
-
-## ITAP Training Environment Names/Ports ##
-
-**Web Proxy**
-* name:
-* port: 443
-
-**IdP**
-* name: idp.example.org
-* port: 13443
-
-**Grouper**
-* name: grouper.example.org
-* port: 8443
-
-**Grouper-WS**
-* name: grouper-ws.example.org
-* port: 9443
-
-**COmanage**
-* name: comanage.example.org
-* port: 12443
-
-**midPoint**
-* name: midpoint.example.org
-* port: 10443
-
-**Satosa**
-* name: proxy.example.org
-* port: 11443
-
-**LDAP**
-* name: ldap.example.org
-* port: 389, 636
-
-**DB**
-* name: db.example.org
-* port: 3306, 5432
-
-**Rabbit**
-* name: rabbit.example.org
-* port: 15672 (web), 5671, 5672
-
-**HRMS**
-* name: hr.example.org
-* port: 14443
-
-**SIS**
-* name: sis.example.org
-* port: 15443
-
-**Wordpress**
-* name: www<span></span>.example.org
-* port: 16443
-[csprootuser@ip-172-31-37-171 ~]$
-```
-
-Getting started with midPoint page on Spaces wiki as starting point for documentation
-
-- - -
-_2020-10-29 11:00 WB meeting_
-
-get mP 4.2 w native Shib into IncommonTAP-Examples CSPWB-27
-
-- - -
-_2020-10-23 17:25 mP 4.2 released_
-
-http://www.evolveum.com/downloads/midpoint/4.2/midpoint-4.2-dist.tar.gz
-- - -
-_2020-10-18 13:27 Success building and running grouper/demo with latest midPoint 4.2 snapshot_
-
-stop mariadb on Mac NbP
-```
-brew services stop mariadb
-Stopping `mariadb`... (might take a while)
-==> Successfully stopped `mariadb` (label: homebrew.mxcl.mariadb)
-```
-make sure demo/grouper ports are clear
-```
-lsof -nP -iTCP -sTCP:LISTEN
-COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
-mongod 1282 khazelton 9u IPv4 0xf4239cf2343db489 0t0 TCP 127.0.0.1:27017 (LISTEN)
-Loop 1296 khazelton 4u IPv4 0xf4239cf21f986f69 0t0 TCP 127.0.0.1:3641 (LISTEN)
-Loop 1296 khazelton 6u IPv6 0xf4239cf234903c99 0t0 TCP [::1]:3641 (LISTEN)
-BlueJeans 1305 khazelton 3u IPv4 0xf4239cf21f98b489 0t0 TCP 127.0.0.1:18171 (LISTEN)
-com.docke 1445 khazelton 13u IPv4 0xf4239cf2343d8d09 0t0 TCP 127.0.0.1:49272 (LISTEN)
-```
-wipe clean all Docker images, containers, and volumes
-```
-docker stop $(docker ps -a -q); docker rm $(docker ps -a -q); docker rmi $(docker images -q) --force; docker volume rm $(docker volume ls -q)
-```
-clone the latest I2/mP demo package, position copies
-```
-git clone https://github.internet2.edu/Docker/midPoint_container.git
-
-cp -rf midPoint_container midPoint_container-current
-cd midPoint_container-current
-```
-build the images
-```
-./build.sh
-```
-change to demo folder and bring up the containers
-```
-docker-compose up --build
-
-docker ps
-
-CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
-eb8f27710675 grouper_midpoint_server "/usr/local/bin/star…" 2 hours ago Up 31 minutes (healthy) 80/tcp, 0.0.0.0:8443->443/tcp grouper_midpoint_server_1
-911ee2e95760 grouper_grouper_daemon "/usr/local/bin/entr…" 2 hours ago Up 31 minutes (healthy) 80/tcp, 443/tcp grouper_grouper_daemon_1
-ae1c21eace64 grouper_grouper_ws "/usr/local/bin/entr…" 2 hours ago Up 31 minutes (healthy) 80/tcp, 0.0.0.0:9443->443/tcp grouper_grouper_ws_1
-7e886049a70a grouper_grouper_ui "/usr/local/bin/entr…" 2 hours ago Up 31 minutes (healthy) 80/tcp, 0.0.0.0:4443->443/tcp grouper_grouper_ui_1
-7e462d06c7cb grouper_idp "/usr/bin/startup.sh" 2 hours
From b2f7aab741a965c5ba592edb164fe727516c251f Mon Sep 17 00:00:00 2001
From: Keith Hazelton <khazelton@gmail.com>
Date: Fri, 18 Aug 2023 07:50:14 -0500
Subject: [PATCH 083/126] Rename test-data-howto1.adoc to test-data-howto.adoc
---
test-data-howto1.adoc => test-data-howto.adoc | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
rename test-data-howto1.adoc => test-data-howto.adoc (99%)
diff --git a/test-data-howto1.adoc b/test-data-howto.adoc
similarity index 99%
rename from test-data-howto1.adoc
rename to test-data-howto.adoc
index 6732942..70bbae1 100644
--- a/test-data-howto1.adoc
+++ b/test-data-howto.adoc
@@ -295,4 +295,4 @@ refid rid
```
- The import task incorporates the synchronization process
----
\ No newline at end of file
+---
From f179accc44d080120eb051c15c0a4b63272f8cba Mon Sep 17 00:00:00 2001
From: Keith Hazelton <khazelton@gmail.com>
Date: Fri, 18 Aug 2023 08:13:31 -0500
Subject: [PATCH 084/126] Update test-data-howto.adoc
---
test-data-howto.adoc | 15 +++++++++------
1 file changed, 9 insertions(+), 6 deletions(-)
diff --git a/test-data-howto.adoc b/test-data-howto.adoc
index 70bbae1..ea43054 100644
--- a/test-data-howto.adoc
+++ b/test-data-howto.adoc
@@ -236,13 +236,15 @@ _2023-08-16 18:10:25 success importing a small sample of the csv SIS file_
- - -
_2023-08-17 08:44:37 Import 50,000 users from source-sis-full.csv_
-*- process for importing large csv files into midPoint -*
+*- process for importing large csv files into fresh instance of midPoint -*
-Bringing in the full test SIS population (50k) to midPoint Workbench
+Assumes you have already done this once and we start from that instance
-Save the edited docker-compose.yml with data file binds: +
+Save the existing edited docker-compose.yml with data file binds: +
/csp-tap/InCommonTAP-Examples-0816/Workbench/docker-compose.yml
+Bring the full test SIS population (50k) file into midPoint Workbench
+
Save the contents of the ../csv directory
```
@@ -260,18 +262,19 @@ ls -la
docker stop $(docker ps -a -q); docker rm $(docker ps -a -q); docker rmi $(docker images -q) --force; docker volume rm $(docker volume ls -q)
```
-Replace downloaded ../csv with saved version
+Replace downloaded ../csv directory with saved version
Replace repo version of docker-compose.yml with saved version
-*- Build and bring up the fresh Workbench -*
+*- Build and bring up the fresh Workbench
+
```
docker-compose up --build -d
```
- Create a new (midpoint) project in midPoint Studio and edit the default configuration to point to the new Workbench host
-*- import source-sis-full.csv -*
+*- import the full sis resource -*
```
*Schema mapping and extension attributes*
From 7fd9a460db197d8970853cb20fb0a32448a50b28 Mon Sep 17 00:00:00 2001
From: Keith Hazelton <khazelton@gmail.com>
Date: Fri, 18 Aug 2023 08:18:59 -0500
Subject: [PATCH 085/126] Update test-data-howto.adoc
---
test-data-howto.adoc | 15 ++++++++++++++-
1 file changed, 14 insertions(+), 1 deletion(-)
diff --git a/test-data-howto.adoc b/test-data-howto.adoc
index ea43054..f5ad47b 100644
--- a/test-data-howto.adoc
+++ b/test-data-howto.adoc
@@ -297,5 +297,18 @@ refid rid
8/17/23, 5:05:57 PM (01:42:59.164)
```
-- The import task incorporates the synchronization process
+- The import task incorporates the synchronization process, so the sis records have created corresponding user records
+
+*- Next Steps -*
+
+Give all users the ldap-basic role which will provision all users into LDAP
+
+Have Grouper treat LDAP as its subject source and create HRMS and SIS Grouper groups with loader jobs
+
+Change groups and group memberships with Grouper and track the performance of the Grouper - midPoint connector
+
+---
+
+
+
---
From 8aa4374cceba394a5bad7a4092ad2106a83fd605 Mon Sep 17 00:00:00 2001
From: Keith Hazelton <khazelton@gmail.com>
Date: Fri, 18 Aug 2023 08:24:17 -0500
Subject: [PATCH 086/126] Update test-data-howto.adoc
---
test-data-howto.adoc | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/test-data-howto.adoc b/test-data-howto.adoc
index f5ad47b..d7ea101 100644
--- a/test-data-howto.adoc
+++ b/test-data-howto.adoc
@@ -1,6 +1,6 @@
=== test-data-how-to.adoc
- - -
-_2023-08-16 18:10:25 success importing a small sample of the csv SIS file_
+_2023-08-16 18:10:25 Importing a small sample csv SIS file_
*- CSV connector How-to: Bring a new resource into a Worbench instance -* +
*- (example modified from The Book, Chapter 8, HR section) -*
From a7404b362ce6e8ca2d8396e36c2f0747f51703da Mon Sep 17 00:00:00 2001
From: Keith Hazelton <khazelton@gmail.com>
Date: Fri, 18 Aug 2023 08:25:10 -0500
Subject: [PATCH 087/126] Update test-data-howto.adoc
---
test-data-howto.adoc | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/test-data-howto.adoc b/test-data-howto.adoc
index d7ea101..32446a2 100644
--- a/test-data-howto.adoc
+++ b/test-data-howto.adoc
@@ -3,7 +3,8 @@
_2023-08-16 18:10:25 Importing a small sample csv SIS file_
*- CSV connector How-to: Bring a new resource into a Worbench instance -* +
-*- (example modified from The Book, Chapter 8, HR section) -*
+
+- (example modified from The Book, Chapter 8, HR section)
- Start with the small csv resource definition from Chapter 8 of the Book
From 20993dcdff7908b69ae2d3ac76e955aacc655aaf Mon Sep 17 00:00:00 2001
From: Keith Hazelton <khazelton@gmail.com>
Date: Fri, 18 Aug 2023 08:47:08 -0500
Subject: [PATCH 088/126] Update test-data-howto.adoc
---
test-data-howto.adoc | 3 +++
1 file changed, 3 insertions(+)
diff --git a/test-data-howto.adoc b/test-data-howto.adoc
index 32446a2..8261787 100644
--- a/test-data-howto.adoc
+++ b/test-data-howto.adoc
@@ -234,6 +234,9 @@ _2023-08-16 18:10:25 Importing a small sample csv SIS file_
</synchronization>
</resource>
```
+
+*- The resource definition file is now ready to upload with midPoint Studio -*
+
- - -
_2023-08-17 08:44:37 Import 50,000 users from source-sis-full.csv_
From e839fbe7462a4a121beee75e83f0ab7514ef9151 Mon Sep 17 00:00:00 2001
From: Keith Hazelton <khazelton@gmail.com>
Date: Fri, 18 Aug 2023 08:49:33 -0500
Subject: [PATCH 089/126] Update test-data-howto.adoc
---
test-data-howto.adoc | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/test-data-howto.adoc b/test-data-howto.adoc
index 8261787..e798289 100644
--- a/test-data-howto.adoc
+++ b/test-data-howto.adoc
@@ -270,7 +270,7 @@ Replace downloaded ../csv directory with saved version
Replace repo version of docker-compose.yml with saved version
-*- Build and bring up the fresh Workbench
+*- Build and bring up the fresh Workbench -*
```
docker-compose up --build -d
From 50a8811c94c1464cb9c7a0b1604ab6df4bff565f Mon Sep 17 00:00:00 2001
From: Keith Hazelton <khazelton@gmail.com>
Date: Fri, 18 Aug 2023 10:06:46 -0500
Subject: [PATCH 090/126] Update test-data-howto.adoc
---
test-data-howto.adoc | 6 ++----
1 file changed, 2 insertions(+), 4 deletions(-)
diff --git a/test-data-howto.adoc b/test-data-howto.adoc
index e798289..8f77422 100644
--- a/test-data-howto.adoc
+++ b/test-data-howto.adoc
@@ -309,10 +309,8 @@ Give all users the ldap-basic role which will provision all users into LDAP
Have Grouper treat LDAP as its subject source and create HRMS and SIS Grouper groups with loader jobs
-Change groups and group memberships with Grouper and track the performance of the Grouper - midPoint connector
-
----
-
+Compare performance of LDAP subject source with a custom sql db table subject source
+Change groups and group memberships with Grouper and track the performance of the Grouper - midPoint connector
---
From 3b820dff6f4398e554a0612e0a1a2486de589fed Mon Sep 17 00:00:00 2001
From: Keith Hazelton <khazelton@gmail.com>
Date: Fri, 18 Aug 2023 10:31:24 -0500
Subject: [PATCH 091/126] Update test-data-howto.adoc
---
test-data-howto.adoc | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/test-data-howto.adoc b/test-data-howto.adoc
index 8f77422..e31c31c 100644
--- a/test-data-howto.adoc
+++ b/test-data-howto.adoc
@@ -290,11 +290,11 @@ given givenName
surname familyName
email emailAddress
ph telephoneNumber
-cntry-code cntryCode
+cntry-code ex-cntryCode
unid uid
occup title
dept orgUnit
-refid rid
+refid ex-refid
59614 (closed) Last object processed: 641-64-5552 +
8/17/23, 3:22:57 PM - +
From 8470a09088318ad256014c6e5f369e0eed2fd355 Mon Sep 17 00:00:00 2001
From: Keith Hazelton <khazelton@gmail.com>
Date: Wed, 6 Sep 2023 12:33:24 -0500
Subject: [PATCH 092/126] Create index.html
---
index.html | 12 ++++++++++++
1 file changed, 12 insertions(+)
create mode 100644 index.html
diff --git a/index.html b/index.html
new file mode 100644
index 0000000..cecdf65
--- /dev/null
+++ b/index.html
@@ -0,0 +1,12 @@
+<!DOCTYPE html>
+<html lang="en">
+ <head>
+ <meta charset="utf-8">
+ <title>title</title>
+ <link rel="stylesheet" href="style.css">
+ <script src="script.js"></script>
+ </head>
+ <body>
+ <!-- page content -->
+ </body>
+</html>
From 5c8160427636a4cc3507c25e4f08234a6aaa2879 Mon Sep 17 00:00:00 2001
From: KHeith Hazelton <kh@MBProMax-2.local>
Date: Wed, 6 Sep 2023 12:38:23 -0500
Subject: [PATCH 093/126] kh docsify trial
---
.DS_Store | Bin 6148 -> 6148 bytes
1 file changed, 0 insertions(+), 0 deletions(-)
diff --git a/.DS_Store b/.DS_Store
index 8f1c0c6102b9d44c49a6a6deb90810567de95203..d9e26b64781afbddf4f9f35652240be6af75ecf3 100644
GIT binary patch
delta 200
zcmZoMXffEJ$`r>Z62id1z`~%%kj{|FP?DSP;*yk;p9B=+_%iE{yw9E^j;Qh}c;yQ+
z41<&Na|?ia7#R2qCO0#gvb~oCnKOAGlN5}3kI9;uEn8=@46_WIW(io<j#*9}!US8$
h26Rj=Ln6>osSL#^hO!;lJdwGKWnux}W_FIh`~dU}IcWd@
delta 200
zcmZoMXffEJ$`r?yvxk9!frUYjA)O(Up(Hoo#U&{xKM5$tk>_965w`G%BdUA~UipFy
z!{Frn+ybB;1_s^-lbe}L*)|D$JP;;6c^{J$jCqgAnwfbb$7C618MdbxU|Bn6IdupV
kY#|%aF}VzhKu4uA6r&i*ykYZ1<}#Lv1$>*?IsWnk0I5(pQ2+n{
From aea7bc59c5b8474168711127bf2cf21b33c26dae Mon Sep 17 00:00:00 2001
From: Keith Hazelton <khazelton@gmail.com>
Date: Wed, 4 Oct 2023 11:17:08 -0500
Subject: [PATCH 094/126] Update ps2grouper.adoc
---
ps2grouper.adoc | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/ps2grouper.adoc b/ps2grouper.adoc
index b096fd4..a0d5d85 100644
--- a/ps2grouper.adoc
+++ b/ps2grouper.adoc
@@ -56,7 +56,7 @@ all of those are published. A group or many of them are then published to that t
I should have said this before, but please interrupt with questions as we go along, because I know these paths are fairly divergent.
-Q: So it's a really, really quick one about the diagram that you're showing that Are the arrows correct? Are you taking data from and from Fromatica and sending it to people talk? Or is it the other way?
+Q: So it's a really, really quick one about the diagram that you're showing that Are the arrows correct? Are you taking data from and from Informatica and sending it to people talk? Or is it the other way?
A: I debated which way to point these arrows, but this is our SQL query, so that is Informatica reaching out to Peoplesoft with the SQL query and pulling data back.
From 2995e7e53a15573c3dfa3fca61c3627f63a59ec7 Mon Sep 17 00:00:00 2001
From: Keith Hazelton <khazelton@gmail.com>
Date: Thu, 12 Oct 2023 14:08:50 -0500
Subject: [PATCH 095/126] Create grouperSurveyResponses.adoc
---
grouperSurveyResponses.adoc | 19 +++++++++++++++++++
1 file changed, 19 insertions(+)
create mode 100644 grouperSurveyResponses.adoc
diff --git a/grouperSurveyResponses.adoc b/grouperSurveyResponses.adoc
new file mode 100644
index 0000000..6934faa
--- /dev/null
+++ b/grouperSurveyResponses.adoc
@@ -0,0 +1,19 @@
+=== grouperSurveyResponse.adoc
+
+
+*- Responses to Grouper Survey Initial Recommentations -*
+
+Ensure that each 'page' or unit of documentation carries helpful metadata (tags, keywords, with a controlled vocabulary of primary terms)
+
+- type of documentation: How-to, tutorial, reference, explanation (ConOps)
+- context: Deployment, Tech Dev & Integration, Administration, data structures, UI guides
+- other keywords to support search terms
+- versions to which documentation applies (e.g. Grouper >= 4.7)
+- links to related documentation units
+- date created, date last modified
+
+The above categories align fairly well with the responses to the "Improvement Priority" question on the Grouper Survey
+
+Keep in mind creation and maintenance costs when formulating documentation guidelines
+
+*- Harvest Slack problem posed and solutions offered on Slack; Collect in a well-known documentation resource-*
From 468bdb878e5ac17e209852723333d629fff861ad Mon Sep 17 00:00:00 2001
From: Keith Hazelton <khazelton@gmail.com>
Date: Thu, 12 Oct 2023 14:30:10 -0500
Subject: [PATCH 096/126] Update grouperSurveyResponses.adoc
---
grouperSurveyResponses.adoc | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/grouperSurveyResponses.adoc b/grouperSurveyResponses.adoc
index 6934faa..c4177c2 100644
--- a/grouperSurveyResponses.adoc
+++ b/grouperSurveyResponses.adoc
@@ -16,4 +16,4 @@ The above categories align fairly well with the responses to the "Improvement Pr
Keep in mind creation and maintenance costs when formulating documentation guidelines
-*- Harvest Slack problem posed and solutions offered on Slack; Collect in a well-known documentation resource-*
+*- Harvest Slack problems posed and solutions offered on Slack; Collect in a well-known documentation resource -*
From 454ac106bac81fc0530df27b60f952d89d8d3d0d Mon Sep 17 00:00:00 2001
From: Keith Hazelton <khazelton@gmail.com>
Date: Thu, 12 Oct 2023 16:13:31 -0500
Subject: [PATCH 097/126] Update grouperSurveyResponses.adoc
---
grouperSurveyResponses.adoc | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/grouperSurveyResponses.adoc b/grouperSurveyResponses.adoc
index c4177c2..900ca72 100644
--- a/grouperSurveyResponses.adoc
+++ b/grouperSurveyResponses.adoc
@@ -16,4 +16,7 @@ The above categories align fairly well with the responses to the "Improvement Pr
Keep in mind creation and maintenance costs when formulating documentation guidelines
-*- Harvest Slack problems posed and solutions offered on Slack; Collect in a well-known documentation resource -*
+*- Harvest Slack problems posed and solutions offered on Slack; -*
+
+- Collect in a well-known, well-organized documentation resource
+- Addresses the "Same question 100 times" problem
From 1d19c83e28ffc10cc05f33dbee18bee18b0fbec4 Mon Sep 17 00:00:00 2001
From: Keith Hazelton <khazelton@gmail.com>
Date: Wed, 18 Oct 2023 12:58:51 -0500
Subject: [PATCH 098/126] Add files via upload
---
docSystem.adoc | 77 ++++++++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 77 insertions(+)
create mode 100644 docSystem.adoc
diff --git a/docSystem.adoc b/docSystem.adoc
new file mode 100644
index 0000000..8e53b47
--- /dev/null
+++ b/docSystem.adoc
@@ -0,0 +1,77 @@
+docSystems.adoc
+
+
+- - -
+_2023-10-18 12:03 chat w SteveZ_
+
+I associate hierarchy with
+
+- The organization of a book,
+ - logical sequence of topics,
+ - simple to complex
+ - (book, chapter, verse,..)
+
+- Tree of life (sub-class relations) Kingdom,Phylum,C,O,F,Genus,Species https://images.squarespace-cdn.com/content/5f02d28f35d64d2a5022eeb1/ed2fcad4-bf94-494e-90cc-647d8943a630/30.png?format=1500w&content-type=image%2Fpng[]
+
+
+- - -
+I'd appreciate your reactions to some thoughts I had about the Grouper Survey Initial Recommendations: https://docs.google.com/document/d/1uWRomgUflT6Ec03vo-tL795XUUr2HdpU0WrVLZC-Yvs/edit?usp=sharing[]
+
+Page Warnings
+- Experimental
+- Since
+- Deprecated
+- Obsolete
+- Replaced By
+- Outdated
+
+
+*- Steve Zoppi -*
+
+I have a similar "sense" of those taxonomies from the survey feedback too...
+
+I think that the missing "prescription" is how to maintain documentation in alignment with the version - so right now (the way you've written it up) it lacks the information hierarchy ands presumes "tagging" may be the primary means of categorizing a given article or document.
+
+The thing I'm wrestling with (in my head) is
+- the _information hierarchy_ that encapsulates _each group_ of documents.
+
+I don't have good answers (yet) but I'm considering that there needs to be
+- _two branches_ (at least) of hierarchy:
+(1) Global/Persistent Concepts and Facilities artifacts/documents/articles
+(2) Ephemeral/Version-bound artifacts/documents/articles.
+
+- - -
+_2023-04-06 11:18:07 Setting up evolveum-like doc site_
+
+https://docs.evolveum.com/about/jekyll-environment/[] <- install, config, build, run jekyll site +
+
+*- local jekyll instance of Evolveum Docs running: -*
+
+http://localhost:4000/ +
+
+- - -
+_2023-04-04 11:28:40 adding commenting to a static site_
+
+https://github.com/eduardoboucas/staticman[] <- open source commenting system +
+https://staticman.net/docs/index.html[] +
+https://mademistakes.com/mastering-jekyll/static-comments-improved/[] <- staticman plus +
+
+https://averagelinuxuser.com/static-website-commenting/[] +
+https://docs.evolveum.com/about/jekyll-environment/[] +
+
+https://remark42.com/docs/getting-started/installation/[] +
+
+https://simondosda.github.io/posts/2021-09-13-blog-github-pages-1-introduction.html[] +
+... +
+https://simondosda.github.io/posts/2021-09-17-blog-github-pages-5-comment-1.html[] +
+https://simondosda.github.io/posts/2021-09-18-blog-github-pages-6-comment-2.html[] +
+
+- - -
+_2023-04-03 13:11:12 evolveum approach to documentation_
+
+https://docs.evolveum.com/about/writing-documentation/[] <- ref manual for Evolveum Documentation +
+https://docs.evolveum.com/about/jekyll-environment/[] <- setting up jekyll
+https://github.com/Evolveum/docs/[] <- Source Code of Evolveum Documentation Site +
+https://docs.evolveum.com/about/asciidoc/[] +
+
+- - -
\ No newline at end of file
From 99f3b4aa5034930d94b1f03da90874aadb2dfb73 Mon Sep 17 00:00:00 2001
From: Keith Hazelton <khazelton@gmail.com>
Date: Fri, 20 Oct 2023 14:25:31 -0500
Subject: [PATCH 099/126] Update docSystem.adoc
---
docSystem.adoc | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/docSystem.adoc b/docSystem.adoc
index 8e53b47..e3baed3 100644
--- a/docSystem.adoc
+++ b/docSystem.adoc
@@ -13,6 +13,7 @@ I associate hierarchy with
- Tree of life (sub-class relations) Kingdom,Phylum,C,O,F,Genus,Species https://images.squarespace-cdn.com/content/5f02d28f35d64d2a5022eeb1/ed2fcad4-bf94-494e-90cc-647d8943a630/30.png?format=1500w&content-type=image%2Fpng[]
+.
- - -
I'd appreciate your reactions to some thoughts I had about the Grouper Survey Initial Recommendations: https://docs.google.com/document/d/1uWRomgUflT6Ec03vo-tL795XUUr2HdpU0WrVLZC-Yvs/edit?usp=sharing[]
@@ -74,4 +75,4 @@ https://docs.evolveum.com/about/jekyll-environment/[] <- setting up jekyll
https://github.com/Evolveum/docs/[] <- Source Code of Evolveum Documentation Site +
https://docs.evolveum.com/about/asciidoc/[] +
-- - -
\ No newline at end of file
+- - -
From dddbe315c4f40d929c6136b41c84362d05dc222d Mon Sep 17 00:00:00 2001
From: Keith Hazelton <khazelton@gmail.com>
Date: Tue, 12 Dec 2023 13:46:38 -0600
Subject: [PATCH 100/126] MBProMax
---
.DS_Store | Bin 6148 -> 10244 bytes
.nojekyll | 0
IAMfuncGTAAsurvey.adoc | 290 ++++++++++++++++++
docs/.nojekyll | 0
.../Documentation-as-DevOps.adoc | 0
GrouperDMview.adoc => docs/GrouperDMview.adoc | 0
README.adoc => docs/README.adoc | 0
docs/README.md | 3 +
.../Screenshot 2023-02-23 at 14.55.33.png | Bin
.../WebAuthNiamOnline.txt | 0
.../asciidocTemplate.adoc | 0
.../async-msg-resources.adoc | 0
.../comanage-wb-registry.adoc | 0
.../connector-howto.adoc | 0
connectors.adoc => docs/connectors.adoc | 0
.../csv-resource-def.adoc | 0
dataMgmt.adoc => docs/dataMgmt.adoc | 0
docToolRec.adoc => docs/docToolRec.adoc | 0
docuwiki.adoc => docs/docuwiki.adoc | 0
f2f-midpoint.adoc => docs/f2f-midpoint.adoc | 0
...d-and-federation-ready-enterprise-ids.adoc | 0
.../grouper-midpoint-testing.adoc | 0
.../grouperNewData.adoc | 0
iam-features.adoc => docs/iam-features.adoc | 0
iam-func-list.adoc => docs/iam-func-list.adoc | 0
.../iam-functions-list.adoc | 0
iamPatterns.adoc => docs/iamPatterns.adoc | 0
.../identifier-guidance.adoc | 0
iga-grouper.adoc => docs/iga-grouper.adoc | 0
docs/index.html | 22 ++
its.adoc => docs/its.adoc | 0
kh-bk-links.adoc => docs/kh-bk-links.adoc | 0
.../markdown-asciidoc.adoc | 0
.../midpoint-db-table-res-def.adoc | 0
midscribe.adoc => docs/midscribe.adoc | 0
.../mp-grouper-package.adoc | 0
mp-ldap-howto.adoc => docs/mp-ldap-howto.adoc | 0
oidc.adoc => docs/oidc.adoc | 0
.../person-identifiers.adoc | 0
.../perydAffilFwork.adoc | 0
.../perydAffilFwork.adoc1 | 0
.../plantuml-c4-structurizr.adoc | 0
ps2grouper.adoc => docs/ps2grouper.adoc | 0
.../recoveredDocToolRec.adoc | 0
shibM.adoc => docs/shibM.adoc | 0
siwg-2023.adoc => docs/siwg-2023.adoc | 0
siwg-extracts.adoc => docs/siwg-extracts.adoc | 0
.../sor-to-access-policy.adoc | 0
.../tap-azure-ad-iam.adoc | 0
.../test-data-howto.adoc | 0
thoughts.adoc => docs/thoughts.adoc | 0
index.html | 12 -
52 files changed, 315 insertions(+), 12 deletions(-)
create mode 100644 .nojekyll
create mode 100644 IAMfuncGTAAsurvey.adoc
create mode 100644 docs/.nojekyll
rename Documentation-as-DevOps.adoc => docs/Documentation-as-DevOps.adoc (100%)
rename GrouperDMview.adoc => docs/GrouperDMview.adoc (100%)
rename README.adoc => docs/README.adoc (100%)
create mode 100644 docs/README.md
rename Screenshot 2023-02-23 at 14.55.33.png => docs/Screenshot 2023-02-23 at 14.55.33.png (100%)
rename WebAuthNiamOnline.txt => docs/WebAuthNiamOnline.txt (100%)
rename asciidocTemplate.adoc => docs/asciidocTemplate.adoc (100%)
rename async-msg-resources.adoc => docs/async-msg-resources.adoc (100%)
rename comanage-wb-registry.adoc => docs/comanage-wb-registry.adoc (100%)
rename connector-howto.adoc => docs/connector-howto.adoc (100%)
rename connectors.adoc => docs/connectors.adoc (100%)
rename csv-resource-def.adoc => docs/csv-resource-def.adoc (100%)
rename dataMgmt.adoc => docs/dataMgmt.adoc (100%)
rename docToolRec.adoc => docs/docToolRec.adoc (100%)
rename docuwiki.adoc => docs/docuwiki.adoc (100%)
rename f2f-midpoint.adoc => docs/f2f-midpoint.adoc (100%)
rename future-proofed-and-federation-ready-enterprise-ids.adoc => docs/future-proofed-and-federation-ready-enterprise-ids.adoc (100%)
rename grouper-midpoint-testing.adoc => docs/grouper-midpoint-testing.adoc (100%)
rename grouperNewData.adoc => docs/grouperNewData.adoc (100%)
rename iam-features.adoc => docs/iam-features.adoc (100%)
rename iam-func-list.adoc => docs/iam-func-list.adoc (100%)
rename iam-functions-list.adoc => docs/iam-functions-list.adoc (100%)
rename iamPatterns.adoc => docs/iamPatterns.adoc (100%)
rename identifier-guidance.adoc => docs/identifier-guidance.adoc (100%)
rename iga-grouper.adoc => docs/iga-grouper.adoc (100%)
create mode 100644 docs/index.html
rename its.adoc => docs/its.adoc (100%)
rename kh-bk-links.adoc => docs/kh-bk-links.adoc (100%)
rename markdown-asciidoc.adoc => docs/markdown-asciidoc.adoc (100%)
rename midpoint-db-table-res-def.adoc => docs/midpoint-db-table-res-def.adoc (100%)
rename midscribe.adoc => docs/midscribe.adoc (100%)
rename mp-grouper-package.adoc => docs/mp-grouper-package.adoc (100%)
rename mp-ldap-howto.adoc => docs/mp-ldap-howto.adoc (100%)
rename oidc.adoc => docs/oidc.adoc (100%)
rename person-identifiers.adoc => docs/person-identifiers.adoc (100%)
rename perydAffilFwork.adoc => docs/perydAffilFwork.adoc (100%)
rename perydAffilFwork.adoc1 => docs/perydAffilFwork.adoc1 (100%)
rename plantuml-c4-structurizr.adoc => docs/plantuml-c4-structurizr.adoc (100%)
rename ps2grouper.adoc => docs/ps2grouper.adoc (100%)
rename recoveredDocToolRec.adoc => docs/recoveredDocToolRec.adoc (100%)
rename shibM.adoc => docs/shibM.adoc (100%)
rename siwg-2023.adoc => docs/siwg-2023.adoc (100%)
rename siwg-extracts.adoc => docs/siwg-extracts.adoc (100%)
rename sor-to-access-policy.adoc => docs/sor-to-access-policy.adoc (100%)
rename tap-azure-ad-iam.adoc => docs/tap-azure-ad-iam.adoc (100%)
rename test-data-howto.adoc => docs/test-data-howto.adoc (100%)
rename thoughts.adoc => docs/thoughts.adoc (100%)
delete mode 100644 index.html
diff --git a/.DS_Store b/.DS_Store
index d9e26b64781afbddf4f9f35652240be6af75ecf3..88daab5cd545fbcfbb48b5d0d0a9bbf6c40e1e48 100644
GIT binary patch
literal 10244
zcmeHMTWl0n7(V}WTW09c4$#^bJFsaX0&dH;m9%n6w(VBA7ul9>%Vn9}8QOu_nX)sx
zEtZ<b#0OC{K56h0c~Ug;pd!YYXd(#usAz&QK43KJ3nuWQ^58$`%(lBN_#}wQoMg^_
z{@b~H^Z#@9oF#-nS5|EyBuEJ1@o}jnVs(q+>fL8f;XH|i6wsd-!!5Ctl^&gA=?i=W
zd<1+1d<1+1d<5<l1aQxG3t!HtU;7C72>1w0BjA1?g7~;J;?XHa>8ArLdIUfkKrt=Y
zc8>$DPtc<gk4`a)8Z5wEkuq2Cju^n)Q6BW{A|9P$l(`e|4j<r+4BiO^=;+vgkeU;S
zFzVMn0zLwB5pdHbK$^)g(TP)Zey^zNE7YZ}Xf$b9NtE$7PTpL$?c?*E#d`H0^`j#N
zcLSC5iXcE#Vv!WFlVkR%*Y~;PsG-|VIQ%VeC4thic|6aT^ZQ~W)>zC@oUGlYWcIjR
zpJf@zd|OHG*0r&ORMl;nj-s1dhC1k~h9-LlbW^p)x~#0J+SE736uck^38`jcVr_dU
z*xEK33Qn|y!!4m;d$?_KQsAo_*R0=_IBcX%>uFpn7Vy44WC7!+>*Ls(UXEesy4i9{
zV)^BKmtT%Bzg%1(55xzD_J|2-Q4Z(bJL>3`Y46rDHqwMtY2*4frz~@4MsxK8Da**F
zO*<hiOesbxYbcJ^X&5p6aSdgab}C~T#!k!D-EIcsjyCSNx;d)&kZon0ZrWK~$Nrg>
zl(n^88g{DZv?z9MS4}UAH9$C1QL}9M%BI%#4UwMB+aJ4JDJ@*ISgaO@5J=O}59(TG
zP_a{*sp{r%|Cp{iBLg|z){}<TXDVq;SO_8Ea%FAZlKbmrnHkJD<W1w*q<$o;J4dBP
zo~L63<py!DigVg-sqQE$FP+7HaP$>&gS^MpbZ0cIRnK9S{Gixp<KlTqVTR3OSnNBD
z5g<r5leCFz<$gm+YK9=GY@7~pojj0Z_zTijCfq1i%W=HUO5+l3fyp}MZh5~u>^8-A
zdPg<Wozf+ydjxeu_K1?vddDyVy%}vmDSf3Vcb$4v-La?=(b&--%Y$xrovKRLu%x!G
zQjW>}yz~{HkR;vA=@|9+T3PV(jgkHAois*PdyV|dqChuB!i*PiKb1)<iIQ#P0LhRE
za)P`>PLcP?1@bxhhWtQ&CD+Lx08j?=U_O*X6)b_}5Q4SP4ju3?bU`odgk2DWy)Xhg
z90D80;V4YNF?b4&!!vLKo`V<RRd@|vhg0wtybJHaS@-}xflKfOd<kE}RrnEpf}i0U
z{0V=-O|F!y;cB@$u7L}2O<XhA&UJ9>xb@r)u9u5*3U`RJxN)`sE}v@q@(c9jN0An$
zn)l`4&fGfH>L1;-dCS)SPpVz1pvhHLeP2y*#p*Q=b!_aM4nh{S`9LiUe;V^enL=Zp
z#>A|6y-c%ET)Hfub~A~{60;wZMH}bcoR#Kz){V<~OctrsV^^+1cB@pz*!res9urgI
zC@a>twh5SiQi;blwId6R5!Y`JFcGDI$1aT^ODI!cAML?zE=l~q73EjRRq_k@o!rDI
zuYko+3lBgTW4jAB!44YTG3bZ=kbnb_1QpU?f(1t~&X2()JONYiBu4qO80XK!3vd!%
zhF37w-+(vaG`tP(V5Fae58)&D49>#^xah_F_ZacN!Sz{DyuCPz;YMK;=VBStu*_kU
zxltb=2XQwxh*q>82Tors)D`Z>*Xj!PW6w8j&Fsgw(iiQ=rSw;G8IGDJ3jP+*h+Q;x
z+2Ih5U8FA@f0Z*m{w$lBIo!^sXdY#s;xK;k5%3Z45%3Z45%3YXg9wzczJu=lf6wjz
z|G$GX@VoXA@Dcd05r9B67VW}W<d595C*<C>2k|+8k6T>3DMqOaR`fa^DZP$I#=VYT
niH~dRT}jY(#FI@iO5M?hx+A?ye+JycS8e|J-#`D~jr0HC=Ar~t
delta 112
zcmZn(XfcprU|?W$DortDU=RQ@Ie-{MGjUE#6q~50$jGxXU^gQp&tx8f+RY2a>sS}F
ub8rYU162Tl05_0u1u5Q`_?>w&zltNsGzLZn1{M&_1ThXQwmF_>4l@Aq01!d|
diff --git a/.nojekyll b/.nojekyll
new file mode 100644
index 0000000..e69de29
diff --git a/IAMfuncGTAAsurvey.adoc b/IAMfuncGTAAsurvey.adoc
new file mode 100644
index 0000000..ea3a237
--- /dev/null
+++ b/IAMfuncGTAAsurvey.adoc
@@ -0,0 +1,290 @@
+
+===== Identity Provisioning Category (1)
+- Identity Matching
+** Does the product provide an identity matching service?
+
+** Describe how the identity matching service is configured, and any scoring or weighting of attributes?
+
+** Describe how low quality matches are handled, and if there is a notion of matches in suspense, what are the mechanisms for making assertions about them.?
+
+** Can the matching service be run against an existing population seeking duplicates?
+
+** Does the product have the ability to use an external matching service?
+
+** Describe the configuration of the external service.
+
+** Describe how low quality matches indications are handled, and if there is a notion of matches in suspense, what are the mechanisms for making assertions about them?
+
+** Describe and standards that are used in messaging or APIs for matching services.
+
+- User Name Assignment
+
+** Does the product support user selected usernames?, if so, how are attempted duplicates handled.
+
+** Does the product support generated usernames?, if so, describe the options and configuration
+
+** Does the product support enrollment of new users?, if so, please describe the configuration of the enrollment portal, and any support for workflow.
+
+** Describe how the product handles username changes, including support for namespace protection and auditing, and any workflows?
+
+** Describe how the product can communicate username changes to other systems that might need to be informed?
+
+- Identifiers
+
+** Describe how the your product handles the creation of Identifiers.
+
+** Describe how does the product handles the use of external vs internal identifiers ?
+
+** Describe how the product maintain immutable/opaque identifiers that are used system to system ? How do these identifiers help when user id's change ?
+
+- Social Id
+
+** Describe the product support for social IDs (Facebook, Google, etc.) in place of local identities.
+
+** Describe the product support for social IDs that are connected to local identities.
+
+** Describe whether social ID can be a step in onboarding/offboarding?
+
+** Describe how does the product consider Level of Assurance LOA when using social IDs.?
+
+** Describe Identity Matching even with Identity matching, even with social ID
+
+
+
+===== Credential Provisioning Category (2)
+- Password Rules and Policies
+
+** Describe how the product the support of limiting the number of different passwords that users need to remember to one central password connected to a central password store or if you have multiple password stores of the same password, how does the product synchronize it?
+
+** Describe the password policies you support with regard to complexity, length, and any dictionary checks. Include character classes supported in complexity checks.
+
+** Does the product support flexible password policy based on password length? For example support pass phrases but requiring additional character sets for shorter passwords..
+
+** Describe the products support for password expiration, including any support for flexible expiration based on grouping, assurance, or other factors such as password quality.
+
+** Describe how the product conveys password quality to end users?
+
+** Describe how the product meets accessibility guidelines?
+
+** Describe how does the product deal with passwordless?
+
+- Password Setting/Activation
+
+** Describe how the product assures initial password setting is being done by the appropriate authority, such as invitations, one time and/or short lived tokens etc.
+
+** Describe the products support for terms of use and informed consent when getting a credential.
+
+** What platforms are supported for end user devices setting initial and subsequent passwords, including any required technologies.
+
+** Describe any features your product has to deter attacks on unclaimed credentials.
+
+** Describe how the product works with identity proofing during the account claiming process?
+
+- Authentication Types (Factors)
+
+** Describe the support for certificate based authentication.
+
+** Describe the product support for multifactor enrollment, specifying supported technologies and products, explicitly address U2F support.
+
+** Describe any support you have for challenge response questions.
+
+** Describe any unlisted additional authentication factors, and any features that help user recognition such as image validation.
+
+** How does the product handle loss of a (perhaps only) two factor device, such as one time tokens?
+
+- Provisioning/De-provisioning of credential
+
+** Describe how the product enforces control over provisioning password to a SP when Federation option is available?
+
+** Describe the states supported by the product for credentials, such as open, expired, disabled, locked/unlocked, security deny, etc.
+
+** Describe any workflow available for deprovisioning, time based, approval based, and any attribute or membership checks that can be used for deprovisioning workflow.
+
+** Describe any controls for sanity checks in your product to prevent accidental mass deprovisioning.
+
+** Describe the administrative capabilities the product has for deprovisioning and deprovisioning intervention, include any delegation features.
+
+** Describe how the product handles deprovisioning of credentials w/r/t propagation to multiple credential stores.?
+
+** Describe how the product handles de-provisioning of MFA (Authentication methods) after the user is no longer active and how do deal with re-provisioning when the same user returns?
+
+===== Service Provisioning (3)
+- Provisioning/Reconciliation
+
+** Describe how does the product ensure that source and destination are in sync?
+
+** Describe both targeted and full reconciliation (fully match accounts). Incremental vs full.
+
+** Describe how does the product identify and handle orphan accounts ?
+
+** Describe how the product handles manual intervention by an admin.
+
+** How flexible is customization of the IDM connector that provisions the account?
+
+** Does the product support a threshold to alert for large quantity of updates?
+
+- JIT/JIC (Cloud Services)
+
+** Describe how the product integrate with a “Just-in-Time” provisioning model-- on demand provisioning when the user logs in. How does you product learn about this access from IGA perspective?
+
+** Describe how you support the “Just-in-Case” provisioning model in relation to the Cloud Services?
+
+- WorkFlows
+
+** Describe how the product handles automated workflows.?
+
+** Describe how the product supports end-user self-service workflows.
+
+** Describe how does your product support the Workflow-based provisioning model in general.
+
+- Deprovisioning and repatriation
+
+** Describe how the your product handle a service account de-provisioning with flexibility ( account disabled vs account remove) in accordance with the service and business needs?
+
+** Describe how the product triggers deprovisioning to a service.
+
+** How is authorization removal handled for deprovisioned users?
+
+** Describe how the product supports repatriating a service account from institutional to personal.
+
+** Does the product support a threshold to alert for large quantity of changes?
+
+- Life Cycle
+
+** Describe how does the product captures changes in affiliations/roles that matter for service entitlements?
+
+** Describe how does the product handle grace periods used in extending services to users beyond a specific period of time . Does the product have a Business Rule Engine to handle this need?
+
+** Does the product support the establishments of policies and processes to reinstate disabled identities/services?
+
+===== Target directory provisioning Category (4)
+- Linking identities between directories or services
+** Describe how the product links an identity in a source directory to the same identity in the target (and service?)
+
+** Are your user linkage attributes characterized as follows:
+
+*** Immutable
+*** Static
+*** Globally unique
+
+** What is the process of account matching if accounts already exist?
+
+- Reconciliation
+** How does the product ensure the target directory or service has state in sync with the source?
+
+** Does the product support rollback or transaction?
+
+** Does the product support incremental/full sync with the target directories ?
+
+- Deprovisioning and repatriation
+** Describe how the product triggers deprovisioning of identities in a target directory or service.
+
+** Describe the process of deprovisioning identities in a target directory or service.
+
+** How is authorization removal handled for deprovisioned users?
+
+** Does the product support a threshold to alert for large quantity of changes?
+
+===== Roles and Groups Category (5)+
+- Type of Roles/Groups
+** Describe how the product support RBAC/ABAC/Groups models ?
+
+** Describe how the product supports a list of definable /extendible groups/roles?.
+
+
+** Describe how the product supports a hierarchy of groups (i.e., nesting and relationships between groups/roles)
+
+** What upstream data sources does the product readily support to derive roles/groups?
+
+** Does the product support sets of groups/roles associated together? (i.e., base, exceptions, includes/excludes).
+
+- Administration
+** Describe delegated access administration features for group management.
+
+** How does the product deal with “orphaned” delegation? (When previous admins are no longer there.)
+
+** Does the product provide APIs that would allow an external group and access management tool to drive your product’s groups and group memberships?
+
+** Does the product support attribute-based (ABAC) or role-based (RBAC) concepts to drive groups and group membership?
+
+** Can groups have permissions associated with them?
+
+** What sort of attributes or metadata about groups are available?
+
+** Does the product support automatic review of roles/groups (attestation)
+
+** How does the product expose or link groups or roles for fine-grained service authorizations?
+
+- Guidance for architecting
+** How does your product define a default role or template (set of groups) for new entities?
+
+** Does the product provide any tool for role mining ?
+
+** Does the product provide a deployment /architecture guidelines for implementing roles/groups ?
+
+===== Reporting/Auditing Category (6)+
+- Integration with External Reporting Engine
+** Does the product support the export of data to external sources for building reports?
+
+- Target Systems
+** Does the product support reports on:
+
+*** Access for an application (target system)
+
+*** All access for a user, all users in a unit, all users for a supervisor
+
+*** Elevated or high-risk access
+
+*** Separation of Duties
+
+- Auditing
+** Can the product provide a tool to compare intended provisioning to the actual state of an application on demand?
+
+** Does the product audit changes made within it (eg, who made a change to group membership logic when, and what the change was)?
+
+** Does the product support Separation of Duties audits?
+ (If you do access reviews / attestations) does the product provide adequate support?
+
+*** review by person, unit, application
+
+*** review of only manually-decided access, exceptions only, etc
+
+** Can audit results include “comments” (eg, “access being removed because …”) that become part of the record
+
+** Can the auditing work with an external ticketing system (eg, ServiceNow, Remedy)
+
+** How does the product define and schedule reviews, notify and remind reviewers, etc? Can the product send emails and/or use an external ticketing system? Are reviews done within the product, or in a document sent to the reviewer?
+
+** How does the reviewer to report results? Is the effort required proportional to the number of changes?
+
+** Does the product support workflows, logic, etc. needed to implement access changes determined by a review?
+
+===== Cost/Vendor Considerations Category (7)+
+- On Going Maintenance/Cost
+** What is the product on-goin service support contract structure ?
+
+** What is the Software licensing cost structure (Enterprise vs non)?
+
+** If one of the product license model is pay-per-active-account , how does the product consider the following populations? :
+*** Alumni users
+*** Guest users
+*** Extended Community users (Parents, Propsect Students , Applicants, Continuing Ed students ,ec..)
+*** Social identities that are linked to Idm system
+
+** Does the product provide any Higher Ed discount ?
+
+- Vendor Stability
+** How long is the product being in the market ?
+
+** How many Higher Ed clients does the product have ?
+
+- Ease Of Deployment
+** Ease of Deployment under the following categories:
+*** Software Package
+*** Cloud ready
+*** Containers/orchestration support
+*** Install from binary
+*** Install from source code
+*** Security Updates
+*** Patch updates
+*** Install/Deploy/Tuning Documentations
diff --git a/docs/.nojekyll b/docs/.nojekyll
new file mode 100644
index 0000000..e69de29
diff --git a/Documentation-as-DevOps.adoc b/docs/Documentation-as-DevOps.adoc
similarity index 100%
rename from Documentation-as-DevOps.adoc
rename to docs/Documentation-as-DevOps.adoc
diff --git a/GrouperDMview.adoc b/docs/GrouperDMview.adoc
similarity index 100%
rename from GrouperDMview.adoc
rename to docs/GrouperDMview.adoc
diff --git a/README.adoc b/docs/README.adoc
similarity index 100%
rename from README.adoc
rename to docs/README.adoc
diff --git a/docs/README.md b/docs/README.md
new file mode 100644
index 0000000..da2056b
--- /dev/null
+++ b/docs/README.md
@@ -0,0 +1,3 @@
+# Headline
+
+> An awesome project.
diff --git a/Screenshot 2023-02-23 at 14.55.33.png b/docs/Screenshot 2023-02-23 at 14.55.33.png
similarity index 100%
rename from Screenshot 2023-02-23 at 14.55.33.png
rename to docs/Screenshot 2023-02-23 at 14.55.33.png
diff --git a/WebAuthNiamOnline.txt b/docs/WebAuthNiamOnline.txt
similarity index 100%
rename from WebAuthNiamOnline.txt
rename to docs/WebAuthNiamOnline.txt
diff --git a/asciidocTemplate.adoc b/docs/asciidocTemplate.adoc
similarity index 100%
rename from asciidocTemplate.adoc
rename to docs/asciidocTemplate.adoc
diff --git a/async-msg-resources.adoc b/docs/async-msg-resources.adoc
similarity index 100%
rename from async-msg-resources.adoc
rename to docs/async-msg-resources.adoc
diff --git a/comanage-wb-registry.adoc b/docs/comanage-wb-registry.adoc
similarity index 100%
rename from comanage-wb-registry.adoc
rename to docs/comanage-wb-registry.adoc
diff --git a/connector-howto.adoc b/docs/connector-howto.adoc
similarity index 100%
rename from connector-howto.adoc
rename to docs/connector-howto.adoc
diff --git a/connectors.adoc b/docs/connectors.adoc
similarity index 100%
rename from connectors.adoc
rename to docs/connectors.adoc
diff --git a/csv-resource-def.adoc b/docs/csv-resource-def.adoc
similarity index 100%
rename from csv-resource-def.adoc
rename to docs/csv-resource-def.adoc
diff --git a/dataMgmt.adoc b/docs/dataMgmt.adoc
similarity index 100%
rename from dataMgmt.adoc
rename to docs/dataMgmt.adoc
diff --git a/docToolRec.adoc b/docs/docToolRec.adoc
similarity index 100%
rename from docToolRec.adoc
rename to docs/docToolRec.adoc
diff --git a/docuwiki.adoc b/docs/docuwiki.adoc
similarity index 100%
rename from docuwiki.adoc
rename to docs/docuwiki.adoc
diff --git a/f2f-midpoint.adoc b/docs/f2f-midpoint.adoc
similarity index 100%
rename from f2f-midpoint.adoc
rename to docs/f2f-midpoint.adoc
diff --git a/future-proofed-and-federation-ready-enterprise-ids.adoc b/docs/future-proofed-and-federation-ready-enterprise-ids.adoc
similarity index 100%
rename from future-proofed-and-federation-ready-enterprise-ids.adoc
rename to docs/future-proofed-and-federation-ready-enterprise-ids.adoc
diff --git a/grouper-midpoint-testing.adoc b/docs/grouper-midpoint-testing.adoc
similarity index 100%
rename from grouper-midpoint-testing.adoc
rename to docs/grouper-midpoint-testing.adoc
diff --git a/grouperNewData.adoc b/docs/grouperNewData.adoc
similarity index 100%
rename from grouperNewData.adoc
rename to docs/grouperNewData.adoc
diff --git a/iam-features.adoc b/docs/iam-features.adoc
similarity index 100%
rename from iam-features.adoc
rename to docs/iam-features.adoc
diff --git a/iam-func-list.adoc b/docs/iam-func-list.adoc
similarity index 100%
rename from iam-func-list.adoc
rename to docs/iam-func-list.adoc
diff --git a/iam-functions-list.adoc b/docs/iam-functions-list.adoc
similarity index 100%
rename from iam-functions-list.adoc
rename to docs/iam-functions-list.adoc
diff --git a/iamPatterns.adoc b/docs/iamPatterns.adoc
similarity index 100%
rename from iamPatterns.adoc
rename to docs/iamPatterns.adoc
diff --git a/identifier-guidance.adoc b/docs/identifier-guidance.adoc
similarity index 100%
rename from identifier-guidance.adoc
rename to docs/identifier-guidance.adoc
diff --git a/iga-grouper.adoc b/docs/iga-grouper.adoc
similarity index 100%
rename from iga-grouper.adoc
rename to docs/iga-grouper.adoc
diff --git a/docs/index.html b/docs/index.html
new file mode 100644
index 0000000..04dd4a7
--- /dev/null
+++ b/docs/index.html
@@ -0,0 +1,22 @@
+<!DOCTYPE html>
+<html lang="en">
+<head>
+ <meta charset="UTF-8">
+ <title>Document</title>
+ <meta http-equiv="X-UA-Compatible" content="IE=edge,chrome=1" />
+ <meta name="description" content="Description">
+ <meta name="viewport" content="width=device-width, initial-scale=1.0, minimum-scale=1.0">
+ <link rel="stylesheet" href="//cdn.jsdelivr.net/npm/docsify@4/lib/themes/vue.css">
+</head>
+<body>
+ <div id="app"></div>
+ <script>
+ window.$docsify = {
+ name: '',
+ repo: ''
+ }
+ </script>
+ <!-- Docsify v4 -->
+ <script src="//cdn.jsdelivr.net/npm/docsify@4"></script>
+</body>
+</html>
diff --git a/its.adoc b/docs/its.adoc
similarity index 100%
rename from its.adoc
rename to docs/its.adoc
diff --git a/kh-bk-links.adoc b/docs/kh-bk-links.adoc
similarity index 100%
rename from kh-bk-links.adoc
rename to docs/kh-bk-links.adoc
diff --git a/markdown-asciidoc.adoc b/docs/markdown-asciidoc.adoc
similarity index 100%
rename from markdown-asciidoc.adoc
rename to docs/markdown-asciidoc.adoc
diff --git a/midpoint-db-table-res-def.adoc b/docs/midpoint-db-table-res-def.adoc
similarity index 100%
rename from midpoint-db-table-res-def.adoc
rename to docs/midpoint-db-table-res-def.adoc
diff --git a/midscribe.adoc b/docs/midscribe.adoc
similarity index 100%
rename from midscribe.adoc
rename to docs/midscribe.adoc
diff --git a/mp-grouper-package.adoc b/docs/mp-grouper-package.adoc
similarity index 100%
rename from mp-grouper-package.adoc
rename to docs/mp-grouper-package.adoc
diff --git a/mp-ldap-howto.adoc b/docs/mp-ldap-howto.adoc
similarity index 100%
rename from mp-ldap-howto.adoc
rename to docs/mp-ldap-howto.adoc
diff --git a/oidc.adoc b/docs/oidc.adoc
similarity index 100%
rename from oidc.adoc
rename to docs/oidc.adoc
diff --git a/person-identifiers.adoc b/docs/person-identifiers.adoc
similarity index 100%
rename from person-identifiers.adoc
rename to docs/person-identifiers.adoc
diff --git a/perydAffilFwork.adoc b/docs/perydAffilFwork.adoc
similarity index 100%
rename from perydAffilFwork.adoc
rename to docs/perydAffilFwork.adoc
diff --git a/perydAffilFwork.adoc1 b/docs/perydAffilFwork.adoc1
similarity index 100%
rename from perydAffilFwork.adoc1
rename to docs/perydAffilFwork.adoc1
diff --git a/plantuml-c4-structurizr.adoc b/docs/plantuml-c4-structurizr.adoc
similarity index 100%
rename from plantuml-c4-structurizr.adoc
rename to docs/plantuml-c4-structurizr.adoc
diff --git a/ps2grouper.adoc b/docs/ps2grouper.adoc
similarity index 100%
rename from ps2grouper.adoc
rename to docs/ps2grouper.adoc
diff --git a/recoveredDocToolRec.adoc b/docs/recoveredDocToolRec.adoc
similarity index 100%
rename from recoveredDocToolRec.adoc
rename to docs/recoveredDocToolRec.adoc
diff --git a/shibM.adoc b/docs/shibM.adoc
similarity index 100%
rename from shibM.adoc
rename to docs/shibM.adoc
diff --git a/siwg-2023.adoc b/docs/siwg-2023.adoc
similarity index 100%
rename from siwg-2023.adoc
rename to docs/siwg-2023.adoc
diff --git a/siwg-extracts.adoc b/docs/siwg-extracts.adoc
similarity index 100%
rename from siwg-extracts.adoc
rename to docs/siwg-extracts.adoc
diff --git a/sor-to-access-policy.adoc b/docs/sor-to-access-policy.adoc
similarity index 100%
rename from sor-to-access-policy.adoc
rename to docs/sor-to-access-policy.adoc
diff --git a/tap-azure-ad-iam.adoc b/docs/tap-azure-ad-iam.adoc
similarity index 100%
rename from tap-azure-ad-iam.adoc
rename to docs/tap-azure-ad-iam.adoc
diff --git a/test-data-howto.adoc b/docs/test-data-howto.adoc
similarity index 100%
rename from test-data-howto.adoc
rename to docs/test-data-howto.adoc
diff --git a/thoughts.adoc b/docs/thoughts.adoc
similarity index 100%
rename from thoughts.adoc
rename to docs/thoughts.adoc
diff --git a/index.html b/index.html
deleted file mode 100644
index cecdf65..0000000
--- a/index.html
+++ /dev/null
@@ -1,12 +0,0 @@
-<!DOCTYPE html>
-<html lang="en">
- <head>
- <meta charset="utf-8">
- <title>title</title>
- <link rel="stylesheet" href="style.css">
- <script src="script.js"></script>
- </head>
- <body>
- <!-- page content -->
- </body>
-</html>
From e34a67572afde772dd1cc0b86c36ff336c39411f Mon Sep 17 00:00:00 2001
From: Keith Hazelton <khazelton@gmail.com>
Date: Tue, 12 Dec 2023 13:53:22 -0600
Subject: [PATCH 101/126] MBProMax
---
IAMfuncGTAAsurvey.adoc => docs/IAMfuncGTAAsurvey.adoc | 0
1 file changed, 0 insertions(+), 0 deletions(-)
rename IAMfuncGTAAsurvey.adoc => docs/IAMfuncGTAAsurvey.adoc (100%)
diff --git a/IAMfuncGTAAsurvey.adoc b/docs/IAMfuncGTAAsurvey.adoc
similarity index 100%
rename from IAMfuncGTAAsurvey.adoc
rename to docs/IAMfuncGTAAsurvey.adoc
From 4ce94c10f04e434c7c4c3557b5a769635e156b2f Mon Sep 17 00:00:00 2001
From: Keith Hazelton <khazelton@gmail.com>
Date: Tue, 12 Dec 2023 13:56:38 -0600
Subject: [PATCH 102/126] Rename IAMfuncGTAAsurvey.adoc to
IAMfuncBTAAsurvey.adoc
---
docs/{IAMfuncGTAAsurvey.adoc => IAMfuncBTAAsurvey.adoc} | 0
1 file changed, 0 insertions(+), 0 deletions(-)
rename docs/{IAMfuncGTAAsurvey.adoc => IAMfuncBTAAsurvey.adoc} (100%)
diff --git a/docs/IAMfuncGTAAsurvey.adoc b/docs/IAMfuncBTAAsurvey.adoc
similarity index 100%
rename from docs/IAMfuncGTAAsurvey.adoc
rename to docs/IAMfuncBTAAsurvey.adoc
From dbdf50312684979e008d9d1d966704595dc372e9 Mon Sep 17 00:00:00 2001
From: Keith Hazelton <khazelton@gmail.com>
Date: Tue, 12 Dec 2023 14:04:49 -0600
Subject: [PATCH 103/126] Update IAMfuncBTAAsurvey.adoc
---
docs/IAMfuncBTAAsurvey.adoc | 14 +++++++-------
1 file changed, 7 insertions(+), 7 deletions(-)
diff --git a/docs/IAMfuncBTAAsurvey.adoc b/docs/IAMfuncBTAAsurvey.adoc
index ea3a237..f4befd1 100644
--- a/docs/IAMfuncBTAAsurvey.adoc
+++ b/docs/IAMfuncBTAAsurvey.adoc
@@ -1,5 +1,5 @@
-===== Identity Provisioning Category (1)
+==== Identity Provisioning Category (1)
- Identity Matching
** Does the product provide an identity matching service?
@@ -51,7 +51,7 @@
-===== Credential Provisioning Category (2)
+==== Credential Provisioning Category (2)
- Password Rules and Policies
** Describe how the product the support of limiting the number of different passwords that users need to remember to one central password connected to a central password store or if you have multiple password stores of the same password, how does the product synchronize it?
@@ -108,7 +108,7 @@
** Describe how the product handles de-provisioning of MFA (Authentication methods) after the user is no longer active and how do deal with re-provisioning when the same user returns?
-===== Service Provisioning (3)
+==== Service Provisioning (3)
- Provisioning/Reconciliation
** Describe how does the product ensure that source and destination are in sync?
@@ -157,7 +157,7 @@
** Does the product support the establishments of policies and processes to reinstate disabled identities/services?
-===== Target directory provisioning Category (4)
+==== Target directory provisioning Category (4)
- Linking identities between directories or services
** Describe how the product links an identity in a source directory to the same identity in the target (and service?)
@@ -185,7 +185,7 @@
** Does the product support a threshold to alert for large quantity of changes?
-===== Roles and Groups Category (5)+
+==== Roles and Groups Category (5)+
- Type of Roles/Groups
** Describe how the product support RBAC/ABAC/Groups models ?
@@ -222,7 +222,7 @@
** Does the product provide a deployment /architecture guidelines for implementing roles/groups ?
-===== Reporting/Auditing Category (6)+
+==== Reporting/Auditing Category (6)+
- Integration with External Reporting Engine
** Does the product support the export of data to external sources for building reports?
@@ -259,7 +259,7 @@
** Does the product support workflows, logic, etc. needed to implement access changes determined by a review?
-===== Cost/Vendor Considerations Category (7)+
+==== Cost/Vendor Considerations Category (7)+
- On Going Maintenance/Cost
** What is the product on-goin service support contract structure ?
From 183392092702cf8d064e7a6dd2cd7571812d8961 Mon Sep 17 00:00:00 2001
From: Keith Hazelton <khazelton@gmail.com>
Date: Tue, 12 Dec 2023 14:08:29 -0600
Subject: [PATCH 104/126] Update IAMfuncBTAAsurvey.adoc
---
docs/IAMfuncBTAAsurvey.adoc | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/docs/IAMfuncBTAAsurvey.adoc b/docs/IAMfuncBTAAsurvey.adoc
index f4befd1..d926a69 100644
--- a/docs/IAMfuncBTAAsurvey.adoc
+++ b/docs/IAMfuncBTAAsurvey.adoc
@@ -108,7 +108,7 @@
** Describe how the product handles de-provisioning of MFA (Authentication methods) after the user is no longer active and how do deal with re-provisioning when the same user returns?
-==== Service Provisioning (3)
+==== Service Provisioning Category (3)
- Provisioning/Reconciliation
** Describe how does the product ensure that source and destination are in sync?
From efb9e9a07c792e2a057103329fb099c2c5b2b1f8 Mon Sep 17 00:00:00 2001
From: Keith Hazelton <khazelton@gmail.com>
Date: Tue, 12 Dec 2023 16:47:02 -0600
Subject: [PATCH 105/126] Rename IAMfuncBTAAsurvey.adoc to
IAMfuncBTAAsurvey-0.adoc
---
docs/{IAMfuncBTAAsurvey.adoc => IAMfuncBTAAsurvey-0.adoc} | 0
1 file changed, 0 insertions(+), 0 deletions(-)
rename docs/{IAMfuncBTAAsurvey.adoc => IAMfuncBTAAsurvey-0.adoc} (100%)
diff --git a/docs/IAMfuncBTAAsurvey.adoc b/docs/IAMfuncBTAAsurvey-0.adoc
similarity index 100%
rename from docs/IAMfuncBTAAsurvey.adoc
rename to docs/IAMfuncBTAAsurvey-0.adoc
From 95025be90e25a47416f2578e14591cc728b01cf4 Mon Sep 17 00:00:00 2001
From: Keith Hazelton <khazelton@gmail.com>
Date: Tue, 12 Dec 2023 16:54:24 -0600
Subject: [PATCH 106/126] MBProMax
---
docs/foo.adoc | 290 ++++++++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 290 insertions(+)
create mode 100644 docs/foo.adoc
diff --git a/docs/foo.adoc b/docs/foo.adoc
new file mode 100644
index 0000000..d926a69
--- /dev/null
+++ b/docs/foo.adoc
@@ -0,0 +1,290 @@
+
+==== Identity Provisioning Category (1)
+- Identity Matching
+** Does the product provide an identity matching service?
+
+** Describe how the identity matching service is configured, and any scoring or weighting of attributes?
+
+** Describe how low quality matches are handled, and if there is a notion of matches in suspense, what are the mechanisms for making assertions about them.?
+
+** Can the matching service be run against an existing population seeking duplicates?
+
+** Does the product have the ability to use an external matching service?
+
+** Describe the configuration of the external service.
+
+** Describe how low quality matches indications are handled, and if there is a notion of matches in suspense, what are the mechanisms for making assertions about them?
+
+** Describe and standards that are used in messaging or APIs for matching services.
+
+- User Name Assignment
+
+** Does the product support user selected usernames?, if so, how are attempted duplicates handled.
+
+** Does the product support generated usernames?, if so, describe the options and configuration
+
+** Does the product support enrollment of new users?, if so, please describe the configuration of the enrollment portal, and any support for workflow.
+
+** Describe how the product handles username changes, including support for namespace protection and auditing, and any workflows?
+
+** Describe how the product can communicate username changes to other systems that might need to be informed?
+
+- Identifiers
+
+** Describe how the your product handles the creation of Identifiers.
+
+** Describe how does the product handles the use of external vs internal identifiers ?
+
+** Describe how the product maintain immutable/opaque identifiers that are used system to system ? How do these identifiers help when user id's change ?
+
+- Social Id
+
+** Describe the product support for social IDs (Facebook, Google, etc.) in place of local identities.
+
+** Describe the product support for social IDs that are connected to local identities.
+
+** Describe whether social ID can be a step in onboarding/offboarding?
+
+** Describe how does the product consider Level of Assurance LOA when using social IDs.?
+
+** Describe Identity Matching even with Identity matching, even with social ID
+
+
+
+==== Credential Provisioning Category (2)
+- Password Rules and Policies
+
+** Describe how the product the support of limiting the number of different passwords that users need to remember to one central password connected to a central password store or if you have multiple password stores of the same password, how does the product synchronize it?
+
+** Describe the password policies you support with regard to complexity, length, and any dictionary checks. Include character classes supported in complexity checks.
+
+** Does the product support flexible password policy based on password length? For example support pass phrases but requiring additional character sets for shorter passwords..
+
+** Describe the products support for password expiration, including any support for flexible expiration based on grouping, assurance, or other factors such as password quality.
+
+** Describe how the product conveys password quality to end users?
+
+** Describe how the product meets accessibility guidelines?
+
+** Describe how does the product deal with passwordless?
+
+- Password Setting/Activation
+
+** Describe how the product assures initial password setting is being done by the appropriate authority, such as invitations, one time and/or short lived tokens etc.
+
+** Describe the products support for terms of use and informed consent when getting a credential.
+
+** What platforms are supported for end user devices setting initial and subsequent passwords, including any required technologies.
+
+** Describe any features your product has to deter attacks on unclaimed credentials.
+
+** Describe how the product works with identity proofing during the account claiming process?
+
+- Authentication Types (Factors)
+
+** Describe the support for certificate based authentication.
+
+** Describe the product support for multifactor enrollment, specifying supported technologies and products, explicitly address U2F support.
+
+** Describe any support you have for challenge response questions.
+
+** Describe any unlisted additional authentication factors, and any features that help user recognition such as image validation.
+
+** How does the product handle loss of a (perhaps only) two factor device, such as one time tokens?
+
+- Provisioning/De-provisioning of credential
+
+** Describe how the product enforces control over provisioning password to a SP when Federation option is available?
+
+** Describe the states supported by the product for credentials, such as open, expired, disabled, locked/unlocked, security deny, etc.
+
+** Describe any workflow available for deprovisioning, time based, approval based, and any attribute or membership checks that can be used for deprovisioning workflow.
+
+** Describe any controls for sanity checks in your product to prevent accidental mass deprovisioning.
+
+** Describe the administrative capabilities the product has for deprovisioning and deprovisioning intervention, include any delegation features.
+
+** Describe how the product handles deprovisioning of credentials w/r/t propagation to multiple credential stores.?
+
+** Describe how the product handles de-provisioning of MFA (Authentication methods) after the user is no longer active and how do deal with re-provisioning when the same user returns?
+
+==== Service Provisioning Category (3)
+- Provisioning/Reconciliation
+
+** Describe how does the product ensure that source and destination are in sync?
+
+** Describe both targeted and full reconciliation (fully match accounts). Incremental vs full.
+
+** Describe how does the product identify and handle orphan accounts ?
+
+** Describe how the product handles manual intervention by an admin.
+
+** How flexible is customization of the IDM connector that provisions the account?
+
+** Does the product support a threshold to alert for large quantity of updates?
+
+- JIT/JIC (Cloud Services)
+
+** Describe how the product integrate with a “Just-in-Time” provisioning model-- on demand provisioning when the user logs in. How does you product learn about this access from IGA perspective?
+
+** Describe how you support the “Just-in-Case” provisioning model in relation to the Cloud Services?
+
+- WorkFlows
+
+** Describe how the product handles automated workflows.?
+
+** Describe how the product supports end-user self-service workflows.
+
+** Describe how does your product support the Workflow-based provisioning model in general.
+
+- Deprovisioning and repatriation
+
+** Describe how the your product handle a service account de-provisioning with flexibility ( account disabled vs account remove) in accordance with the service and business needs?
+
+** Describe how the product triggers deprovisioning to a service.
+
+** How is authorization removal handled for deprovisioned users?
+
+** Describe how the product supports repatriating a service account from institutional to personal.
+
+** Does the product support a threshold to alert for large quantity of changes?
+
+- Life Cycle
+
+** Describe how does the product captures changes in affiliations/roles that matter for service entitlements?
+
+** Describe how does the product handle grace periods used in extending services to users beyond a specific period of time . Does the product have a Business Rule Engine to handle this need?
+
+** Does the product support the establishments of policies and processes to reinstate disabled identities/services?
+
+==== Target directory provisioning Category (4)
+- Linking identities between directories or services
+** Describe how the product links an identity in a source directory to the same identity in the target (and service?)
+
+** Are your user linkage attributes characterized as follows:
+
+*** Immutable
+*** Static
+*** Globally unique
+
+** What is the process of account matching if accounts already exist?
+
+- Reconciliation
+** How does the product ensure the target directory or service has state in sync with the source?
+
+** Does the product support rollback or transaction?
+
+** Does the product support incremental/full sync with the target directories ?
+
+- Deprovisioning and repatriation
+** Describe how the product triggers deprovisioning of identities in a target directory or service.
+
+** Describe the process of deprovisioning identities in a target directory or service.
+
+** How is authorization removal handled for deprovisioned users?
+
+** Does the product support a threshold to alert for large quantity of changes?
+
+==== Roles and Groups Category (5)+
+- Type of Roles/Groups
+** Describe how the product support RBAC/ABAC/Groups models ?
+
+** Describe how the product supports a list of definable /extendible groups/roles?.
+
+
+** Describe how the product supports a hierarchy of groups (i.e., nesting and relationships between groups/roles)
+
+** What upstream data sources does the product readily support to derive roles/groups?
+
+** Does the product support sets of groups/roles associated together? (i.e., base, exceptions, includes/excludes).
+
+- Administration
+** Describe delegated access administration features for group management.
+
+** How does the product deal with “orphaned” delegation? (When previous admins are no longer there.)
+
+** Does the product provide APIs that would allow an external group and access management tool to drive your product’s groups and group memberships?
+
+** Does the product support attribute-based (ABAC) or role-based (RBAC) concepts to drive groups and group membership?
+
+** Can groups have permissions associated with them?
+
+** What sort of attributes or metadata about groups are available?
+
+** Does the product support automatic review of roles/groups (attestation)
+
+** How does the product expose or link groups or roles for fine-grained service authorizations?
+
+- Guidance for architecting
+** How does your product define a default role or template (set of groups) for new entities?
+
+** Does the product provide any tool for role mining ?
+
+** Does the product provide a deployment /architecture guidelines for implementing roles/groups ?
+
+==== Reporting/Auditing Category (6)+
+- Integration with External Reporting Engine
+** Does the product support the export of data to external sources for building reports?
+
+- Target Systems
+** Does the product support reports on:
+
+*** Access for an application (target system)
+
+*** All access for a user, all users in a unit, all users for a supervisor
+
+*** Elevated or high-risk access
+
+*** Separation of Duties
+
+- Auditing
+** Can the product provide a tool to compare intended provisioning to the actual state of an application on demand?
+
+** Does the product audit changes made within it (eg, who made a change to group membership logic when, and what the change was)?
+
+** Does the product support Separation of Duties audits?
+ (If you do access reviews / attestations) does the product provide adequate support?
+
+*** review by person, unit, application
+
+*** review of only manually-decided access, exceptions only, etc
+
+** Can audit results include “comments” (eg, “access being removed because …”) that become part of the record
+
+** Can the auditing work with an external ticketing system (eg, ServiceNow, Remedy)
+
+** How does the product define and schedule reviews, notify and remind reviewers, etc? Can the product send emails and/or use an external ticketing system? Are reviews done within the product, or in a document sent to the reviewer?
+
+** How does the reviewer to report results? Is the effort required proportional to the number of changes?
+
+** Does the product support workflows, logic, etc. needed to implement access changes determined by a review?
+
+==== Cost/Vendor Considerations Category (7)+
+- On Going Maintenance/Cost
+** What is the product on-goin service support contract structure ?
+
+** What is the Software licensing cost structure (Enterprise vs non)?
+
+** If one of the product license model is pay-per-active-account , how does the product consider the following populations? :
+*** Alumni users
+*** Guest users
+*** Extended Community users (Parents, Propsect Students , Applicants, Continuing Ed students ,ec..)
+*** Social identities that are linked to Idm system
+
+** Does the product provide any Higher Ed discount ?
+
+- Vendor Stability
+** How long is the product being in the market ?
+
+** How many Higher Ed clients does the product have ?
+
+- Ease Of Deployment
+** Ease of Deployment under the following categories:
+*** Software Package
+*** Cloud ready
+*** Containers/orchestration support
+*** Install from binary
+*** Install from source code
+*** Security Updates
+*** Patch updates
+*** Install/Deploy/Tuning Documentations
From fffc1a7b50644084b255c963afe7cde6e879dfa9 Mon Sep 17 00:00:00 2001
From: Keith Hazelton <khazelton@gmail.com>
Date: Tue, 12 Dec 2023 17:19:53 -0600
Subject: [PATCH 107/126] MBProMax
---
docs/IAMfuncGTAAsurvey.adoc | 287 ++++++++++++++++++++++++++++++++++++
1 file changed, 287 insertions(+)
create mode 100644 docs/IAMfuncGTAAsurvey.adoc
diff --git a/docs/IAMfuncGTAAsurvey.adoc b/docs/IAMfuncGTAAsurvey.adoc
new file mode 100644
index 0000000..22b91f5
--- /dev/null
+++ b/docs/IAMfuncGTAAsurvey.adoc
@@ -0,0 +1,287 @@
+
+=== Identity Provisioning Category (1)
+====== Identity Matching
+
+** Does the product provide an identity matching service?
+
+** Describe how the identity matching service is configured, and any scoring or weighting of attributes?
+
+** Describe how low quality matches are handled, and if there is a notion of matches in suspense, what are the mechanisms for making assertions about them.?
+
+** Can the matching service be run against an existing population seeking duplicates?
+
+** Does the product have the ability to use an external matching service?
+
+** Describe the configuration of the external service.
+
+** Describe how low quality matches indications are handled, and if there is a notion of matches in suspense, what are the mechanisms for making assertions about them?
+
+** Describe and standards that are used in messaging or APIs for matching services.
+
+====== User Name Assignment
+
+** Does the product support user selected usernames?, if so, how are attempted duplicates handled.
+
+** Does the product support generated usernames?, if so, describe the options and configuration
+
+** Does the product support enrollment of new users?, if so, please describe the configuration of the enrollment portal, and any support for workflow.
+
+** Describe how the product handles username changes, including support for namespace protection and auditing, and any workflows?
+
+** Describe how the product can communicate username changes to other systems that might need to be informed?
+
+====== Identifiers
+
+** Describe how the your product handles the creation of Identifiers.
+
+** Describe how does the product handles the use of external vs internal identifiers ?
+
+** Describe how the product maintain immutable/opaque identifiers that are used system to system ? How do these identifiers help when user id's change ?
+
+** Describe the product support for social IDs (Facebook, Google, etc.) in place of local identities.
+
+** Describe the product support for social IDs that are connected to local identities.
+
+** Describe whether social ID can be a step in onboarding/offboarding?
+
+** Describe how does the product consider Level of Assurance LOA when using social IDs.?
+
+** Describe Identity Matching even with Identity matching, even with social ID
+
+=== Credential Provisioning Category (2)
+====== Password Rules and Policies
+
+** Describe how the product the support of limiting the number of different passwords that users need to remember to one central password connected to a central password store or if you have multiple password stores of the same password, how does the product synchronize it?
+
+** Describe the password policies you support with regard to complexity, length, and any dictionary checks. Include character classes supported in complexity checks.
+
+** Does the product support flexible password policy based on password length? For example support pass phrases but requiring additional character sets for shorter passwords..
+
+** Describe the products support for password expiration, including any support for flexible expiration based on grouping, assurance, or other factors such as password quality.
+
+** Describe how the product conveys password quality to end users?
+
+** Describe how the product meets accessibility guidelines?
+
+** Describe how does the product deal with passwordless?
+
+====== Password Setting/Activation
+
+** Describe how the product assures initial password setting is being done by the appropriate authority, such as invitations, one time and/or short lived tokens etc.
+
+** Describe the products support for terms of use and informed consent when getting a credential.
+
+** What platforms are supported for end user devices setting initial and subsequent passwords, including any required technologies.
+
+** Describe any features your product has to deter attacks on unclaimed credentials.
+
+** Describe how the product works with identity proofing during the account claiming process?
+
+====== Authentication Types (Factors)
+
+** Describe the support for certificate based authentication.
+
+** Describe the product support for multifactor enrollment, specifying supported technologies and products, explicitly address U2F support.
+
+** Describe any support you have for challenge response questions.
+
+** Describe any unlisted additional authentication factors, and any features that help user recognition such as image validation.
+
+** How does the product handle loss of a (perhaps only) two factor device, such as one time tokens?
+
+====== Provisioning/De-provisioning of credential
+
+** Describe how the product enforces control over provisioning password to a SP when Federation option is available?
+
+** Describe the states supported by the product for credentials, such as open, expired, disabled, locked/unlocked, security deny, etc.
+
+** Describe any workflow available for deprovisioning, time based, approval based, and any attribute or membership checks that can be used for deprovisioning workflow.
+
+** Describe any controls for sanity checks in your product to prevent accidental mass deprovisioning.
+
+** Describe the administrative capabilities the product has for deprovisioning and deprovisioning intervention, include any delegation features.
+
+** Describe how the product handles deprovisioning of credentials w/r/t propagation to multiple credential stores.?
+
+** Describe how the product handles de-provisioning of MFA (Authentication methods) after the user is no longer active and how do deal with re-provisioning when the same user returns?
+
+=== Service Provisioning (3)
+====== Provisioning/Reconciliation
+
+** Describe how does the product ensure that source and destination are in sync?
+
+** Describe both targeted and full reconciliation (fully match accounts). Incremental vs full.
+
+** Describe how does the product identify and handle orphan accounts ?
+
+** Describe how the product handles manual intervention by an admin.
+
+** How flexible is customization of the IDM connector that provisions the account?
+
+** Does the product support a threshold to alert for large quantity of updates?
+
+====== JIT/JIC (Cloud Services)
+
+** Describe how the product integrate with a “Just-in-Time” provisioning model-- on demand provisioning when the user logs in. How does you product learn about this access from IGA perspective?
+
+** Describe how you support the “Just-in-Case” provisioning model in relation to the Cloud Services?
+
+====== WorkFlows
+
+** Describe how the product handles automated workflows.?
+
+** Describe how the product supports end-user self-service workflows.
+
+** Describe how does your product support the Workflow-based provisioning model in general.
+
+====== Deprovisioning and repatriation
+
+** Describe how the your product handle a service account de-provisioning with flexibility ( account disabled vs account remove) in accordance with the service and business needs?
+
+** Describe how the product triggers deprovisioning to a service.
+
+** How is authorization removal handled for deprovisioned users?
+
+** Describe how the product supports repatriating a service account from institutional to personal.
+
+** Does the product support a threshold to alert for large quantity of changes?
+
+====== Life Cycle
+
+** Describe how does the product captures changes in affiliations/roles that matter for service entitlements?
+
+** Describe how does the product handle grace periods used in extending services to users beyond a specific period of time . Does the product have a Business Rule Engine to handle this need?
+
+** Does the product support the establishments of policies and processes to reinstate disabled identities/services?
+
+=== Target directory provisioning Category (4)
+====== Linking identities between directories or services
+** Describe how the product links an identity in a source directory to the same identity in the target (and service?)
+
+** Are your user linkage attributes characterized as follows:
+
+*** Immutable
+*** Static
+*** Globally unique
+
+** What is the process of account matching if accounts already exist?
+
+====== Reconciliation
+** How does the product ensure the target directory or service has state in sync with the source?
+
+** Does the product support rollback or transaction?
+
+** Does the product support incremental/full sync with the target directories ?
+
+====== Deprovisioning and repatriation
+** Describe how the product triggers deprovisioning of identities in a target directory or service.
+
+** Describe the process of deprovisioning identities in a target directory or service.
+
+** How is authorization removal handled for deprovisioned users?
+
+** Does the product support a threshold to alert for large quantity of changes?
+
+=== Roles and Groups Category (5)+
+====== Type of Roles/Groups
+** Describe how the product support RBAC/ABAC/Groups models ?
+
+** Describe how the product supports a list of definable /extendible groups/roles?.
+
+
+** Describe how the product supports a hierarchy of groups (i.e., nesting and relationships between groups/roles)
+
+** What upstream data sources does the product readily support to derive roles/groups?
+
+** Does the product support sets of groups/roles associated together? (i.e., base, exceptions, includes/excludes).
+
+====== Administration
+** Describe delegated access administration features for group management.
+
+** How does the product deal with “orphaned” delegation? (When previous admins are no longer there.)
+
+** Does the product provide APIs that would allow an external group and access management tool to drive your product’s groups and group memberships?
+
+** Does the product support attribute-based (ABAC) or role-based (RBAC) concepts to drive groups and group membership?
+
+** Can groups have permissions associated with them?
+
+** What sort of attributes or metadata about groups are available?
+
+** Does the product support automatic review of roles/groups (attestation)
+
+** How does the product expose or link groups or roles for fine-grained service authorizations?
+
+====== Guidance for architecting
+** How does your product define a default role or template (set of groups) for new entities?
+
+** Does the product provide any tool for role mining ?
+
+** Does the product provide a deployment /architecture guidelines for implementing roles/groups ?
+
+=== Reporting/Auditing Category (6)+
+====== Integration with External Reporting Engine
+** Does the product support the export of data to external sources for building reports?
+
+====== Target Systems
+** Does the product support reports on:
+
+*** Access for an application (target system)
+
+*** All access for a user, all users in a unit, all users for a supervisor
+
+*** Elevated or high-risk access
+
+*** Separation of Duties
+
+====== Auditing
+** Can the product provide a tool to compare intended provisioning to the actual state of an application on demand?
+
+** Does the product audit changes made within it (eg, who made a change to group membership logic when, and what the change was)?
+
+** Does the product support Separation of Duties audits?
+ (If you do access reviews / attestations) does the product provide adequate support?
+
+*** review by person, unit, application
+
+*** review of only manually-decided access, exceptions only, etc
+
+** Can audit results include “comments” (eg, “access being removed because …”) that become part of the record
+
+** Can the auditing work with an external ticketing system (eg, ServiceNow, Remedy)
+
+** How does the product define and schedule reviews, notify and remind reviewers, etc? Can the product send emails and/or use an external ticketing system? Are reviews done within the product, or in a document sent to the reviewer?
+
+** How does the reviewer to report results? Is the effort required proportional to the number of changes?
+
+** Does the product support workflows, logic, etc. needed to implement access changes determined by a review?
+
+=== Cost/Vendor Considerations Category (7)
+====== On Going Maintenance/Cost
+** What is the product on-goin service support contract structure ?
+
+** What is the Software licensing cost structure (Enterprise vs non)?
+
+** If one of the product license model is pay-per-active-account , how does the product consider the following populations? :
+*** Alumni users
+*** Guest users
+*** Extended Community users (Parents, Propsect Students , Applicants, Continuing Ed students ,ec..)
+*** Social identities that are linked to Idm system
+
+** Does the product provide any Higher Ed discount ?
+
+====== Vendor Stability
+** How long is the product being in the market ?
+
+** How many Higher Ed clients does the product have ?
+
+====== Ease Of Deployment
+** Ease of Deployment under the following categories:
+*** Software Package
+*** Cloud ready
+*** Containers/orchestration support
+*** Install from binary
+*** Install from source code
+*** Security Updates
+*** Patch updates
+*** Install/Deploy/Tuning Documentations
From 80d0a2b6fcab01f973119e93e0346d62a25da4a3 Mon Sep 17 00:00:00 2001
From: Keith Hazelton <khazelton@gmail.com>
Date: Thu, 1 Feb 2024 19:06:12 -0600
Subject: [PATCH 108/126] MBProMax
---
docs/IAMfuncGTAAsurvey.adoc | 3 ++-
docs/entra.adoc | 10 ++++++++++
docs/test-data-howto.adoc | 13 +++++++++++++
3 files changed, 25 insertions(+), 1 deletion(-)
create mode 100644 docs/entra.adoc
diff --git a/docs/IAMfuncGTAAsurvey.adoc b/docs/IAMfuncGTAAsurvey.adoc
index 22b91f5..8f7d4c5 100644
--- a/docs/IAMfuncGTAAsurvey.adoc
+++ b/docs/IAMfuncGTAAsurvey.adoc
@@ -1,5 +1,6 @@
=== Identity Provisioning Category (1)
+
====== Identity Matching
** Does the product provide an identity matching service?
@@ -182,7 +183,7 @@
** Does the product support a threshold to alert for large quantity of changes?
-=== Roles and Groups Category (5)+
+=== Roles and Groups Category (5)
====== Type of Roles/Groups
** Describe how the product support RBAC/ABAC/Groups models ?
diff --git a/docs/entra.adoc b/docs/entra.adoc
new file mode 100644
index 0000000..b68fcad
--- /dev/null
+++ b/docs/entra.adoc
@@ -0,0 +1,10 @@
+entra.adoc
+
+- - -
+_2024-01-10 17:08 M$ move to Entra as new name for AzureAD_
+
+https://itconnect.uw.edu/tools-services-support/it-systems-infrastructure/msinf/aad/apps/integration/[] <- Brian Arkills on Entra app integrations +
+https://itconnect.uw.edu/tools-services-support/it-systems-infrastructure/msinf/[] <- rich links to UDub MS materials +
+https://staff.washington.edu/barkills/[] <- presentations from 2000 to 2023 +
+
+
diff --git a/docs/test-data-howto.adoc b/docs/test-data-howto.adoc
index e31c31c..86fc2f4 100644
--- a/docs/test-data-howto.adoc
+++ b/docs/test-data-howto.adoc
@@ -1,4 +1,17 @@
=== test-data-how-to.adoc
+
+- - -
+_2024-01-09 19:52 picking up the large N group study on khazelton.workbench_
+
+import MBProMax:Downloads/alumni-meds-1.csv as resource 'alumni'
+or
+import MBProMax:/Users/kh/opt/opt.rec/kh-wb4/csv/source-hrms.csv
+
+set up target LDAP resource and define outbound mappings from alumni
+define this ldap as subject source and group source for Grouper
+
+sis resource definition: /Users/kh/opt/opt.rec/kh-wb4/objects/resources/SISlargeN.xml
+
- - -
_2023-08-16 18:10:25 Importing a small sample csv SIS file_
From c0cc03651fbce8fa4b6a45569a1cb1fee3122cba Mon Sep 17 00:00:00 2001
From: Keith Hazelton <khazelton@gmail.com>
Date: Thu, 1 Aug 2024 21:50:14 -0500
Subject: [PATCH 109/126] Create postgres-only-workbench.adoc
---
docs/postgres-only-workbench.adoc | 1 +
1 file changed, 1 insertion(+)
create mode 100644 docs/postgres-only-workbench.adoc
diff --git a/docs/postgres-only-workbench.adoc b/docs/postgres-only-workbench.adoc
new file mode 100644
index 0000000..95ddb89
--- /dev/null
+++ b/docs/postgres-only-workbench.adoc
@@ -0,0 +1 @@
+===== Modifying the Workbench so the HR source system and the Wordpress database shift from Mariadb to Postgres, Making Postgres the only needed database
From c57b2b45fa791a48fc57107d699028e5751518d3 Mon Sep 17 00:00:00 2001
From: Keith Hazelton <khazelton@gmail.com>
Date: Thu, 1 Aug 2024 21:52:31 -0500
Subject: [PATCH 110/126] Update postgres-only-workbench.adoc
---
docs/postgres-only-workbench.adoc | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/docs/postgres-only-workbench.adoc b/docs/postgres-only-workbench.adoc
index 95ddb89..c56193e 100644
--- a/docs/postgres-only-workbench.adoc
+++ b/docs/postgres-only-workbench.adoc
@@ -1 +1,5 @@
-===== Modifying the Workbench so the HR source system and the Wordpress database shift from Mariadb to Postgres, Making Postgres the only needed database
+===== Modifying the Workbench so the HR source and the Wordpress shift from Mariadb to Postgres
+
+This will make Postgres the only database in the Workbench
+
+
From ff1a04e530494f323144314694547597f63417e7 Mon Sep 17 00:00:00 2001
From: Keith Hazelton <khazelton@gmail.com>
Date: Thu, 1 Aug 2024 21:53:11 -0500
Subject: [PATCH 111/126] Update postgres-only-workbench.adoc
---
docs/postgres-only-workbench.adoc | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/docs/postgres-only-workbench.adoc b/docs/postgres-only-workbench.adoc
index c56193e..cdcc4a5 100644
--- a/docs/postgres-only-workbench.adoc
+++ b/docs/postgres-only-workbench.adoc
@@ -1,4 +1,4 @@
-===== Modifying the Workbench so the HR source and the Wordpress shift from Mariadb to Postgres
+==== Modifying the Workbench so the HR source and the Wordpress shift from Mariadb to Postgres
This will make Postgres the only database in the Workbench
From e2ccc02f3f64ab14da86abc2bcdb20eadc12c5e8 Mon Sep 17 00:00:00 2001
From: Keith Hazelton <khazelton@gmail.com>
Date: Thu, 1 Aug 2024 21:54:12 -0500
Subject: [PATCH 112/126] Update postgres-only-workbench.adoc
---
docs/postgres-only-workbench.adoc | 33 +++++++++++++++++++++++++++++++
1 file changed, 33 insertions(+)
diff --git a/docs/postgres-only-workbench.adoc b/docs/postgres-only-workbench.adoc
index cdcc4a5..17d6378 100644
--- a/docs/postgres-only-workbench.adoc
+++ b/docs/postgres-only-workbench.adoc
@@ -3,3 +3,36 @@
This will make Postgres the only database in the Workbench
+
+==== From Zero to a Running Workbench Instance
+
+===== Specs for an adequate workbench host machine
+
+. host machine of recent vintage with 32Gb memory
+. rocky linux (ubuntu works, too)
+. Docker installed
+
+===== Obtain and build the Workbench image
+
+```
+export CSPHOSTNAME=localhost # the environment variable that the containers will use as the hostname of the host running the containers
+
+git clone https://github.internet2.edu/internet2/InCommonTAP-Examples.git
+cd /csp-tap/InCommonTAP-Examples/Workbench
+docker-compose up --build
+```
+
+<< long coffee break here >>
+
+===== Check that all Workbench Containers are up and healthy
+
+```
+docker ps
+```
+
+===== Browse to the CSPHOSTNAME server
+
+. Pass the Basic Auth lint trap with username csp and password workbench
+. You will see a kiosk-like interface with links to the TAP components and to other supporting services
+. COmanage, Grouper, midPoint and a Shib IdP are directly accessible
+
From 8b3489404c7286e9f8f9b3b415a4c77da6a9cea8 Mon Sep 17 00:00:00 2001
From: Keith Hazelton <khazelton@gmail.com>
Date: Thu, 1 Aug 2024 21:55:12 -0500
Subject: [PATCH 113/126] Update postgres-only-workbench.adoc
---
docs/postgres-only-workbench.adoc | 1 +
1 file changed, 1 insertion(+)
diff --git a/docs/postgres-only-workbench.adoc b/docs/postgres-only-workbench.adoc
index 17d6378..c865054 100644
--- a/docs/postgres-only-workbench.adoc
+++ b/docs/postgres-only-workbench.adoc
@@ -3,6 +3,7 @@
This will make Postgres the only database in the Workbench
+=== Prerequisites
==== From Zero to a Running Workbench Instance
From a50c99cee8fa9b28627adf81e2fe9b6ce4def4fd Mon Sep 17 00:00:00 2001
From: Keith Hazelton <khazelton@gmail.com>
Date: Thu, 1 Aug 2024 21:55:28 -0500
Subject: [PATCH 114/126] Update postgres-only-workbench.adoc
---
docs/postgres-only-workbench.adoc | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/docs/postgres-only-workbench.adoc b/docs/postgres-only-workbench.adoc
index c865054..1709b5f 100644
--- a/docs/postgres-only-workbench.adoc
+++ b/docs/postgres-only-workbench.adoc
@@ -1,4 +1,4 @@
-==== Modifying the Workbench so the HR source and the Wordpress shift from Mariadb to Postgres
+== Modifying the Workbench so the HR source and the Wordpress shift from Mariadb to Postgres
This will make Postgres the only database in the Workbench
From f44bdb9111c3cb3187f7c60423e8082a82998eee Mon Sep 17 00:00:00 2001
From: Keith Hazelton <khazelton@gmail.com>
Date: Thu, 1 Aug 2024 22:07:22 -0500
Subject: [PATCH 115/126] Update postgres-only-workbench.adoc
---
docs/postgres-only-workbench.adoc | 430 ++++++++++++++++++++++++++++++
1 file changed, 430 insertions(+)
diff --git a/docs/postgres-only-workbench.adoc b/docs/postgres-only-workbench.adoc
index 1709b5f..bce39d6 100644
--- a/docs/postgres-only-workbench.adoc
+++ b/docs/postgres-only-workbench.adoc
@@ -37,3 +37,433 @@ docker ps
. You will see a kiosk-like interface with links to the TAP components and to other supporting services
. COmanage, Grouper, midPoint and a Shib IdP are directly accessible
+- - -
+
+== 1. Isolating references to mysql and postgres in the TAP Workbench
+
+=== In docker-compose.yml
+
+*- mysql/mariadb -*
+
+```
+200: sources:
+ build: ./sources/
+ volumes:
+ - source_mysql:/var/lib/mysql
+ - source_data:/var/lib/mysqlmounted
+
+480: wordpress_server:
+ build:
+ context: ./wordpress_server/
+ command: bash -c 'if [ ! -s /var/www/html/wp-config.php ]; then while ! nc -z wordpress_data 3306 ; do echo waiting for mysql on wordpress_data to start; sleep 3; done;
+
+511: wordpress_data:
+ build: ./wordpress_data/
+ volumes:
+ - wordpress_data:/var/lib/mysql
+
+650: volumes:
+ source_data:
+ comanage_mysql:
+ source_mysql:
+ target_data:
+ wordpress_data:
+ mariadb-data:
+```
+*- postgres -*
+
+```
+221: comanage_data:
+ build: ./comanage_data/
+ environment:
+ POSTGRES_USER: registry_user
+ POSTGRES_PASSWORD: Password1
+ POSTGRES_DB: registry
+ volumes:
+ - comanage_data:/var/lib/postgresql/data
+
+242: comanage_midpoint_data:
+ build: ./comanage_midpoint_data/
+ environment:
+ POSTGRES_USER: comanage_midpoint_loader
+ POSTGRES_PASSWORD: Password1
+ POSTGRES_DB: comanage_midpoint_loader
+ networks:
+ net:
+ aliases:
+ - comanage-midpoint-data
+ volumes:
+ - comanage_midpoint_data:/var/lib/postgresql/data
+
+ 282: midpoint_data:
+ image: postgres:13-alpine
+ command: >
+ rm -f /var/lib/postgresql/data/postmaster.pid ;
+ docker-entrypoint.sh postgres
+ environment:
+ - POSTGRES_PASSWORD_FILE=/run/secrets/m_database_password.txt
+ - POSTGRES_USER=midpoint
+ - POSTGRES_INITDB_ARGS=--lc-collate=en_US.utf8 --lc-ctype=en_US.utf8
+ secrets:
+ - m_database_password.txt
+ volumes:
+ - midpoint_data:/var/lib/postgresql/data
+ - db_init:/docker-entrypoint-initdb.d/
+ - mp_pw:/opt/mp-pw
+
+324: midpoint_server:
+ build:
+ context: ./midpoint_server/
+ environment:
+ - REPO_DATABASE_TYPE=postgresql
+ m_database_password.txt
+ - MP_SET_midpoint_repository_jdbcUrl=jdbc:postgresql://midpoint_data:5432/midpoint
+
+432: idp_ui_data:
+ image: postgres
+ environment:
+ POSTGRES_USER: shibui
+ POSTGRES_PASSWORD: secret
+ POSTGRES_DB: shibui
+ volumes:
+ - idpui_data:/var/lib/postgresql/data
+
+```
+
+- - -
+
+== 2. Migrate MySQL databases to Postgres
+
+
+*- MySQL in Dockerfiles -*
+
+===== ./sources/Dockerfile
+
+```
+FROM tier/mariadb:mariadb10
+
+COPY container_files/seed-data/ /seed-data/
+
+ENV MYSQL_DATABASE sis
+ENV MYSQL_USER sis_user
+ENV MYSQL_PASSWORD 49321420423
+ENV MYSQL_DATADIR /var/lib/mysqlmounted
+ENV AFTER_FIRST_TIME_SQL /seed-data/persons-and-courses.sql
+
+[csprootuser@ip-172-31-53-134 Workbench]$ cat sources/Dockerfile
+FROM tier/mariadb:mariadb10
+
+COPY container_files/seed-data/ /seed-data/
+
+ENV MYSQL_DATABASE sis
+ENV MYSQL_USER sis_user
+ENV MYSQL_PASSWORD 49321420423
+ENV MYSQL_DATADIR /var/lib/mysqlmounted
+ENV AFTER_FIRST_TIME_SQL /seed-data/persons-and-courses.sql
+```
+
+- - -
+
+== Other relevant selections from Docker-compose.yml and the per-component Dockerfiles
+
+*- Running Workbench Containers -*
+```
+[csprootuser@ip-172-31-53-134 ~]$ docker ps
+
+bcac3920984a workbench-comanage_cron "docker-comanage-cro…" 11 days ago Up 11 days (healthy) 80/tcp, 443/tcp workbench-comanage_cron-1
+
+73d6df7dc964 workbench-midpoint_server "/usr/local/bin/star…" 11 days ago Up 11 days (healthy) 80/tcp, 0.0.0.0:10443->443/tcp, :::10443->443/tcp workbench-midpoint_server-1
+
+a7f80a6c2eb4 workbench-idp_ui_api "/usr/bin/supervisor…" 11 days ago Up 11 days (healthy) 8443/tcp workbench-idp_ui_api-1
+
+1cdf5c3baf5d workbench-grouper_ui "/usr/local/bin/entr…" 11 days ago Up 11 days (healthy) 80/tcp, 8080/tcp, 8443/tcp, 0.0.0.0:8443->443/tcp, :::8443->443/tcp
+
+bfc26f8e0c9d workbench-grouper_daemon "/usr/local/bin/entr…" 11 days ago Up 11 days (healthy) 80/tcp, 443/tcp, 8080/tcp, 8443/tcp
+
+a3594f0d5542 workbench-grouper_ws "/usr/local/bin/entr…" 11 days ago Up 11 days (healthy) 80/tcp, 8080/tcp, 8443/tcp, 0.0.0.0:9443->443/tcp, :::9443->443/tcp
+
+30d2bb6f3835 workbench-idp "/usr/bin/startup.sh" 11 days ago Up 11 days (healthy) 0.0.0.0:13443->443/tcp, :::13443->443/tcp
+
+d12c56e97b9a postgres:13-alpine "docker-entrypoint.s…" 11 days ago Up 11 days (healthy) 0.0.0.0:5432->5432/tcp, :::5432->5432/tcp workbench-midpoint_data-1
+
+a8f06373fdff workbench-comanage "docker-supervisord-…" 11 days ago Up 11 days (healthy) 80/tcp, 8080/tcp, 0.0.0.0:11443->443/tcp, :::11443->443/tcp
+
+b0d5d8ac7193 workbench-wordpress_server "bash -c 'if [ ! -s …" 11 days ago Up 11 days (healthy) 0.0.0.0:80->80/tcp, :::80->80/tcp, 0.0.0.0:12443->443/tcp, :::12443->443/tcp
+
+ff75fa2311c7 workbench-directory "/bin/sh -c 'rm -rf …" 11 days ago Up 11 days (healthy) 443/tcp, 0.0.0.0:1389->389/tcp, :::1389->389/tcp
+
+f949dd8a2791 workbench-idp_ui "/usr/bin/supervisor…" 11 days ago Up 11 days (healthy) 0.0.0.0:8080->8080/tcp, :::8080->8080/tcp, 8443/tcp
+
+342372c932b4 workbench-sources "/opt/bin/start.sh" 11 days ago Up 11 days (healthy) 0.0.0.0:13306->3306/tcp, :::13306->3306/tcp
+
+e3349853f115 workbench-webproxy "/usr/local/bin/star…" 11 days ago Up 11 days (healthy) 80/tcp, 0.0.0.0:443->443/tcp, :::443->443/tcp
+
+46483b5008e7 workbench-comanage_midpoint_data "docker-entrypoint.s…" 11 days ago Up 11 days (healthy) 0.0.0.0:35432->5432/tcp, :::35432->5432/tcp
+
+a5aac809e4bc workbench-grouper_data "/usr/local/bin/entr…" 11 days ago Up 11 days (healthy) 80/tcp, 443/tcp, 8080/tcp, 8443/tcp, 0.0.0.0:45432->5432/tcp, :::45432->5432/tcp
+
+55637013b5c7 workbench-mq "/usr/local/bin/demo…" 11 days ago Up 11 days (healthy) 4369/tcp, 5671/tcp, 0.0.0.0:5672->5672/tcp, :::5672->5672/tcp, 15671/tcp, 25672/tcp, 0.0.0.0:15672->15672/tcp, :::15672->15672/tcp
+
+00b1baa4939d workbench-wordpress_data "docker-entrypoint.s…" 11 days ago Up 11 days (healthy) 0.0.0.0:32773->3306/tcp, :::32773->3306/
+
+be8bbd009ead workbench-ad "/bin/sh -c '/start.…" 11 days ago Up 11 days 0.0.0.0:53->53/tcp, ...
+
+
+ba5775b6dbe7 workbench-comanage_data "docker-entrypoint.s…" 11 days ago Up 11 days (healthy) 0.0.0.0:25432->5432/tcp, :::25432->5432/
+
+c54f3a94e07f postgres "docker-entrypoint.s…" 11 days ago Up 11 days (healthy) 0.0.0.0:15432->5432/tcp, :::15432->5432/
+```
+
+*- Workbench directory -*
+
+```
+[csprootuser@ip-172-31-53-134 csp-tap]$ cd /csp-tap/InCommonTAP-Examples/Workbench
+[csprootuser@ip-172-31-53-134 Workbench]$ ls -la
+total 80
+drwxr-xr-x 23 csprootuser root 4096 Jul 10 17:26 .
+drwxr-xr-x 6 csprootuser root 82 May 10 14:12 ..
+drwxr-xr-x 3 csprootuser root 47 May 10 14:12 ad
+drwxr-xr-x 3 csprootuser root 47 May 10 14:12 comanage
+drwxr-xr-x 3 csprootuser root 47 May 10 14:12 comanage_cron
+drwxr-xr-x 3 csprootuser root 47 May 10 14:12 comanage_data
+drwxr-xr-x 3 csprootuser root 47 May 10 14:12 comanage_midpoint_data
+drwxr-xr-x 6 csprootuser root 70 May 10 14:12 configs-and-secrets
+drwxr-xr-x 3 csprootuser root 47 Jun 10 16:43 directory
+-rw-r--r-- 1 csprootuser csprootuser 20547 Jul 10 16:26 docker-compose.yml
+-rw-r--r-- 1 csprootuser root 20565 Jun 9 19:00 docker-compose.yml.old
+-rw-r--r-- 1 csprootuser root 57 May 10 14:12 .env
+drwxr-xr-x 2 csprootuser root 24 Jun 10 15:17 grouper_daemon
+drwxr-xr-x 3 csprootuser root 47 May 10 14:12 grouper_data
+drwxr-xr-x 3 csprootuser root 47 May 10 14:12 grouper_ui
+drwxr-xr-x 3 csprootuser root 47 May 10 14:12 grouper_ws
+drwxr-xr-x 4 csprootuser root 69 May 10 14:12 idp
+drwxr-xr-x 3 csprootuser root 47 May 10 14:12 idp_ui
+drwxr-xr-x 3 csprootuser root 47 May 10 14:12 idp_ui_api
+drwxr-xr-x 3 csprootuser root 47 May 10 14:12 midpoint_server
+drwxr-xr-x 3 csprootuser root 47 May 10 14:12 mq
+-rw-r--r-- 1 csprootuser root 843 May 10 14:12 README.md
+drwxr-xr-x 2 csprootuser root 232 May 10 14:21 scripts
+drwxr-xr-x 3 csprootuser root 47 May 10 14:12 sources
+-rw-rw-r-- 1 csprootuser csprootuser 17257 Jul 10 17:17 th.xml
+drwxr-xr-x 3 csprootuser root 47 May 10 14:12 webproxy
+drwxr-xr-x 2 csprootuser root 24 May 10 14:12 wordpress_data
+drwxr-xr-x 4 csprootuser root 69 May 10 14:12 wordpress_server
+```
+*- Workbench Dockerfiles and container_file directories for building containers -*
+
+```
+[csprootuser@ip-172-31-53-134 Workbench]$ tree -L 2
+.
+├── ad
+│ ├── container_files
+│ └── Dockerfile
+├── comanage
+│ ├── container_files
+│ └── Dockerfile
+├── comanage_cron
+│ ├── container_files
+│ └── Dockerfile
+├── comanage_data
+│ ├── container_files
+│ └── Dockerfile
+├── comanage_midpoint_data
+│ ├── container_files
+│ └── Dockerfile
+├── configs-and-secrets
+│ ├── comanage
+│ ├── grouper
+│ ├── midpoint
+│ └── wordpress
+├── directory
+│ ├── container_files
+│ └── Dockerfile
+├── docker-compose.yml
+├── docker-compose.yml.old
+├── grouper_daemon
+│ └── Dockerfile
+├── grouper_data
+│ ├── container_files
+│ └── Dockerfile
+├── grouper_ui
+│ ├── container_files
+│ └── Dockerfile
+├── grouper_ws
+│ ├── container_files
+│ └── Dockerfile
+├── idp
+│ ├── container_files
+│ ├── Dockerfile
+│ └── shibboleth-idp
+├── idp_ui
+│ ├── container_files
+│ └── Dockerfile
+├── idp_ui_api
+│ ├── container_files
+│ └── Dockerfile
+├── midpoint_server
+│ ├── container_files
+│ └── Dockerfile
+├── mq
+│ ├── container_files
+│ └── Dockerfile
+├── README.md
+├── scripts
+│ ├── csp-cron
+│ ├── gethealth2.py
+│ ├── gethealth-output.txt
+│ ├── gethealth.py
+│ ├── refreshListener.php
+│ ├── refreshListener.service
+│ ├── refresh-this-instance.sh
+│ ├── setupcron.sh
+│ └── update-health-status.sh
+├── sources
+│ ├── container_files
+│ └── Dockerfile
+├── th.xml
+├── webproxy
+│ ├── container_files
+│ └── Dockerfile
+├── wordpress_data
+│ └── Dockerfile
+└── wordpress_server
+ ├── container_files
+ ├── Dockerfile
+ └── wordpress_data
+
+
+/csp-tap/InCommonTAP-Examples/Workbench$ ls -la sources/container_files/seed-data
+-rw-r--r-- 1 csprootuser root 55516 May 10 14:12 persons-and-courses.sql
+```
+
+== 2. Migrate MySQL databases to Postgres
+
+*- MySQL in Dockerfiles -*
+
+===== ./sources/Dockerfile
+
+```
+FROM tier/mariadb:mariadb10
+
+COPY container_files/seed-data/ /seed-data/
+
+ENV MYSQL_DATABASE sis
+ENV MYSQL_USER sis_user
+ENV MYSQL_PASSWORD 49321420423
+ENV MYSQL_DATADIR /var/lib/mysqlmounted
+ENV AFTER_FIRST_TIME_SQL /seed-data/persons-and-courses.sql
+
+[csprootuser@ip-172-31-53-134 Workbench]$ cat sources/Dockerfile
+FROM tier/mariadb:mariadb10
+
+COPY container_files/seed-data/ /seed-data/
+
+ENV MYSQL_DATABASE sis
+ENV MYSQL_USER sis_user
+ENV MYSQL_PASSWORD 49321420423
+ENV MYSQL_DATADIR /var/lib/mysqlmounted
+ENV AFTER_FIRST_TIME_SQL /seed-data/persons-and-courses.sql
+```
+
+./wordpress_server/Dockerfile
+
+```
+cat wordpress_server/Dockerfile
+FROM i2incommon/shibboleth_sp:3.4.1_06122023_rocky8_multiarch
+
+VOLUME /var/www/html
+
+COPY container_files/wordpress/sed.sh /root
+COPY container_files/wordpress/config-shibb.sql /root
+COPY container_files/wordpress/wp /root
+COPY container_files/wordpress/config.yml /root/.wp-cli
+COPY container_files/wordpress/wp-cli.yml /var/www/html
+COPY container_files/shibboleth/* /etc/shibboleth/
+COPY container_files/system/setservername.sh /usr/local/bin/
+RUN chmod +x /root/wp
+RUN dnf module enable -y php:7.4
+RUN yum update -y
+RUN yum install -y php php-cli php-common php-gd php-curl php-json php-mysqlnd php-pdo php-zip php-mbstring libwebp mariadb wget postfix nc
+RUN rpm -Uvh https://rpms.remirepo.net/enterprise/remi-release-8.rpm
+RUN yum --enablerepo=remi,remi-test install -y gd3php gd3php-devel php74-php-sodium
+
+RUN echo 'date.timezone="UTC"' >> /etc/php.ini
+
+WORKDIR /var/www/html
+
+RUN chown -R apache:apache /var/www/html
+COPY container_files/system/setservername.sh /usr/local/bin/
+RUN chmod 755 /usr/local/bin/setservername.sh #&& rm -f /etc/httpd/conf.d/ssl.conf
+
+#set hostname
+ARG CSPHOSTNAME=localhost
+ENV CSPHOSTNAME=$CSPHOSTNAME
+
+RUN /usr/local/bin/setservername.sh
+RUN mkdir -p /run/php-fpm/
+
+ENV LD_LIBRARY_PATH=/opt/shibboleth/lib64
+```
+
+./wordpress_data/Dockerfile
+
+```
+$ cat wordpress_data/Dockerfile
+from mariadb:latest
+RUN apt-get update
+RUN apt install curl -y
+#RUN apt-get install wget gcc libmysql++-dev librabbitmq-dev pkg-config libbsd-dev -y
+#ENV MYSQL_RANDOM_ROOT_PASSWORD=true
+ENV MYSQL_ROOT_PASSWORD=54y6RxN7GfC7aes3
+ENV MYSQL_DATABASE=wordpress
+ENV MYSQL_USER=wordpress
+ENV MYSQL_PASSWORD=54y6RxN7GfC7aes3
+#WORKDIR /tmp
+#RUN wget https://github.com/ssimicro/lib_mysqludf_amqp/releases/download/v2.0.0/lib_mysqludf_amqp-2.0.0.tar.gz
+#RUN tar zxf lib_mysqludf_amqp-2.0.0.tar.gz
+#WORKDIR /tmp/lib_mysqludf_amqp-2.0.0
+#RUN ./configure && make && make install #mysql -u root --password=54y6RxN7GfC7aes3 < installdb.sql
+RUN cat /etc/resolv.conf
+EXPOSE 3306
+```
+
+*- Use grouper_data Dockerfile as template for migrating MySQL databases -*
+
+./grouper_data/Dockerfile
+
+```
+FROM i2incommon/grouper:4.12.0
+
+LABEL author="tier-packaging@internet2.edu <tier-packaging@internet2.edu>"
+
+RUN yum install -y epel-release \
+ && yum update -y \
+ && dnf module enable -y postgresql:12 \
+ && dnf install -y postgresql-server \
+ && yum clean all \
+ && rm -rf /var/cache/yum
+
+COPY container_files/conf/ /opt/grouper/grouperWebapp/WEB-INF/classes/
+COPY container_files/bootstrap/ /tmp/
+COPY container_files/sql/createSQLuser.sql /
+COPY container_files/sql/createDBforMP.sql /
+
+#setup DB
+RUN chown -R postgres:postgres /var/lib/pgsql/
+RUN echo "password" > /db-user-pwd.txt
+RUN sudo -u postgres initdb -D /var/lib/pgsql/data/ --username=postgres --pwfile=/db-user-pwd.txt
+
+#create grouper DB
+RUN sudo -u postgres pg_ctl start -D /var/lib/pgsql/data/ \
+ && psql -U postgres -f /createSQLuser.sql \
+ && psql -U postgres -f /createDBforMP.sql \
+ && /opt/grouper/grouperWebapp/WEB-INF/bin/gsh.sh -registry -check -runscript -noprompt \
+ && /opt/grouper/grouperWebapp/WEB-INF/bin/gsh.sh /tmp/initialize.gsh \
+ && /opt/grouper/grouperWebapp/WEB-INF/bin/gsh.sh /tmp/set-prov.gsh
+
+RUN echo "host all all 0.0.0.0/0 trust" >> /var/lib/pgsql/data/pg_hba.conf
+
+EXPOSE 5432
+```
+
+
From 09a7fee54d987a2ab9f95fce3d8083980db6f623 Mon Sep 17 00:00:00 2001
From: Keith Hazelton <khazelton@gmail.com>
Date: Wed, 16 Oct 2024 11:22:40 -0500
Subject: [PATCH 116/126] Create password-reset-by-api.adoc
---
docs/password-reset-by-api.adoc | 18 ++++++++++++++++++
1 file changed, 18 insertions(+)
create mode 100644 docs/password-reset-by-api.adoc
diff --git a/docs/password-reset-by-api.adoc b/docs/password-reset-by-api.adoc
new file mode 100644
index 0000000..8dad4fd
--- /dev/null
+++ b/docs/password-reset-by-api.adoc
@@ -0,0 +1,18 @@
+
+
+
+John Bigornia
+ Aug 27th at 13:55
+I know there's a password reset feature via security question on the UI. Is it possible to do this through a REST call? This is to test a client self service password reset. If not, will this be a feature in the future? (edited)
+2 replies
+
+
+Dennis Antrobus
+ Aug 30th at 14:13
+Yes, it's possible to do this via a REST call. An example can be found on this Evolveum docs page by searching for the string "Execute Password Reset" : https://docs.evolveum.com/midpoint/reference/master/interfaces/rest/endpoints/users/#modify-user-objects
+If you use Java in your organization there is also the option of using the MidPoint Client Library to execute these types of operations. See: https://docs.evolveum.com/midpoint/reference/support-4.8/interfaces/midpoint-client-java/
+
+
+John Bigornia
+ Sep 5th at 15:39
+Hi Dennis. Thanks for the reply. Does this prompt the security questions to be answered? In this example we are using the administrator to reset the password. I'm currently looking for documentation about the resetMethod. I'm assuming there's more than just that one listed in the example (edited)
From 6785b8266edb9387aaad08abe1f84e53518d2813 Mon Sep 17 00:00:00 2001
From: Keith Hazelton <khazelton@gmail.com>
Date: Wed, 16 Oct 2024 11:26:56 -0500
Subject: [PATCH 117/126] Update password-reset-by-api.adoc
---
docs/password-reset-by-api.adoc | 19 ++++++++-----------
1 file changed, 8 insertions(+), 11 deletions(-)
diff --git a/docs/password-reset-by-api.adoc b/docs/password-reset-by-api.adoc
index 8dad4fd..29f38e7 100644
--- a/docs/password-reset-by-api.adoc
+++ b/docs/password-reset-by-api.adoc
@@ -1,18 +1,15 @@
-
-John Bigornia
- Aug 27th at 13:55
-I know there's a password reset feature via security question on the UI. Is it possible to do this through a REST call? This is to test a client self service password reset. If not, will this be a feature in the future? (edited)
-2 replies
-
+==== Password Reset by API Call 27 Aug 2024
+John Bigornia,
+I know there's a password reset feature via security question on the UI. Is it possible to do this through a REST call? This is to test a client self service password reset.
Dennis Antrobus
- Aug 30th at 14:13
-Yes, it's possible to do this via a REST call. An example can be found on this Evolveum docs page by searching for the string "Execute Password Reset" : https://docs.evolveum.com/midpoint/reference/master/interfaces/rest/endpoints/users/#modify-user-objects
-If you use Java in your organization there is also the option of using the MidPoint Client Library to execute these types of operations. See: https://docs.evolveum.com/midpoint/reference/support-4.8/interfaces/midpoint-client-java/
+Yes, it's possible to do this via a REST call. An example can be found on this Evolveum docs page by searching for the string "Execute Password Reset" : https://docs.evolveum.com/midpoint/reference/master/interfaces/rest/endpoints/users/#modify-user-objects
+If you use Java in your organization there is also the option of using the MidPoint Client Library to execute these types of operations. See: https://docs.evolveum.com/midpoint/reference/support-4.8/interfaces/midpoint-client-java/
John Bigornia
- Sep 5th at 15:39
-Hi Dennis. Thanks for the reply. Does this prompt the security questions to be answered? In this example we are using the administrator to reset the password. I'm currently looking for documentation about the resetMethod. I'm assuming there's more than just that one listed in the example (edited)
+Hi Dennis. Thanks for the reply. Does this prompt the security questions to be answered? In this example we are using the administrator to reset the password. I'm currently looking for documentation about the resetMethod. I'm assuming there's more than just that one listed in the example
+
+TBD: Check API documentation for full list of operations.
From 786fbf29098f735d61930868cfe5722b44c7f569 Mon Sep 17 00:00:00 2001
From: Keith Hazelton <khazelton@gmail.com>
Date: Wed, 16 Oct 2024 11:27:18 -0500
Subject: [PATCH 118/126] Update password-reset-by-api.adoc
---
docs/password-reset-by-api.adoc | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/docs/password-reset-by-api.adoc b/docs/password-reset-by-api.adoc
index 29f38e7..6160cdd 100644
--- a/docs/password-reset-by-api.adoc
+++ b/docs/password-reset-by-api.adoc
@@ -1,6 +1,6 @@
-==== Password Reset by API Call 27 Aug 2024
+==== Password Reset by API Call, 27 Aug 2024
John Bigornia,
I know there's a password reset feature via security question on the UI. Is it possible to do this through a REST call? This is to test a client self service password reset.
From e322133d7abba5464fc2d1f114d71e4f3a4d9c98 Mon Sep 17 00:00:00 2001
From: Keith Hazelton <khazelton@gmail.com>
Date: Wed, 16 Oct 2024 11:28:04 -0500
Subject: [PATCH 119/126] Update password-reset-by-api.adoc
---
docs/password-reset-by-api.adoc | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/docs/password-reset-by-api.adoc b/docs/password-reset-by-api.adoc
index 6160cdd..9e81519 100644
--- a/docs/password-reset-by-api.adoc
+++ b/docs/password-reset-by-api.adoc
@@ -1,15 +1,15 @@
==== Password Reset by API Call, 27 Aug 2024
-John Bigornia,
+John Bigornia, +
I know there's a password reset feature via security question on the UI. Is it possible to do this through a REST call? This is to test a client self service password reset.
-Dennis Antrobus
+Dennis Antrobus +
Yes, it's possible to do this via a REST call. An example can be found on this Evolveum docs page by searching for the string "Execute Password Reset" : https://docs.evolveum.com/midpoint/reference/master/interfaces/rest/endpoints/users/#modify-user-objects
If you use Java in your organization there is also the option of using the MidPoint Client Library to execute these types of operations. See: https://docs.evolveum.com/midpoint/reference/support-4.8/interfaces/midpoint-client-java/
-John Bigornia
-Hi Dennis. Thanks for the reply. Does this prompt the security questions to be answered? In this example we are using the administrator to reset the password. I'm currently looking for documentation about the resetMethod. I'm assuming there's more than just that one listed in the example
+John Bigornia +
+Hi Dennis. Thanks for the reply. Does this prompt the security questions to be answered? In this example we are using the administrator to reset the password. I'm currently looking for documentation about the resetMethod. I'm assuming there's more than just that one listed in the example +
TBD: Check API documentation for full list of operations.
From 36311a0d74421701a5cc414e32e59e27a19ed447 Mon Sep 17 00:00:00 2001
From: Keith Hazelton <khazelton@gmail.com>
Date: Wed, 16 Oct 2024 11:29:21 -0500
Subject: [PATCH 120/126] Update password-reset-by-api.adoc
---
docs/password-reset-by-api.adoc | 2 ++
1 file changed, 2 insertions(+)
diff --git a/docs/password-reset-by-api.adoc b/docs/password-reset-by-api.adoc
index 9e81519..e683078 100644
--- a/docs/password-reset-by-api.adoc
+++ b/docs/password-reset-by-api.adoc
@@ -13,3 +13,5 @@ John Bigornia +
Hi Dennis. Thanks for the reply. Does this prompt the security questions to be answered? In this example we are using the administrator to reset the password. I'm currently looking for documentation about the resetMethod. I'm assuming there's more than just that one listed in the example +
TBD: Check API documentation for full list of operations.
+
+--- labels: midPoint, API, password
From 90f557cbf8cb5b17237e2072ba2d25a643f0bfbe Mon Sep 17 00:00:00 2001
From: Keith Hazelton <khazelton@gmail.com>
Date: Wed, 16 Oct 2024 11:36:08 -0500
Subject: [PATCH 121/126] Update password-reset-by-api.adoc
---
docs/password-reset-by-api.adoc | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/docs/password-reset-by-api.adoc b/docs/password-reset-by-api.adoc
index e683078..1dbf723 100644
--- a/docs/password-reset-by-api.adoc
+++ b/docs/password-reset-by-api.adoc
@@ -14,4 +14,4 @@ Hi Dennis. Thanks for the reply. Does this prompt the security questions to be a
TBD: Check API documentation for full list of operations.
---- labels: midPoint, API, password
+--- page labels: midPoint, API, password
From 951674d7b1d9239ebec4a880d2e47d9dd903125e Mon Sep 17 00:00:00 2001
From: Keith Hazelton <khazelton@gmail.com>
Date: Wed, 16 Oct 2024 12:55:12 -0500
Subject: [PATCH 122/126] Create stay-with-single-object-type-for-user
---
docs/stay-with-single-object-type-for-user | 36 ++++++++++++++++++++++
1 file changed, 36 insertions(+)
create mode 100644 docs/stay-with-single-object-type-for-user
diff --git a/docs/stay-with-single-object-type-for-user b/docs/stay-with-single-object-type-for-user
new file mode 100644
index 0000000..d4427f3
--- /dev/null
+++ b/docs/stay-with-single-object-type-for-user
@@ -0,0 +1,36 @@
+
+
+
+
+
+Trevor Lucas
+Hello, I am trying to understand the relationship between Archetypes and Object Templates. Specifically, I'm looking at the built-in Person Archetype and the Person Object Template in midPoint 4.8 and trying to understand how they are linked together so that I can extrapolate them to other Archetypes and Object Templates. I can't see any assignments or links between the two object types within the XML. I have looked at examples within the Workbench and the midPoint demos and have read the Archetype and Object Template docs several times trying to find this answer.
+The end goal is to try to mimic the Workbench and have a Student Archetype for the SIS resource and an Employee Archetype for the HR Resource. Then I would like to extend those by adding Object Templates that could specifically affect the respective Archetype Users. Those Object Templates would have specific name and email constructions, auto-assigned roles, etc, just like the Person Object Template can have by default. Ultimately I'd like to know how a specific Template is applied to a specific Archetype.
+
+Slavek Licehammer
+Hi Trevor. You are looking for objectTemplateRef in archetype configuration. For example: https://github.com/Evolveum/midpoint/blob/master/config/initial-objects/archetype/702-archetype-person.xml#L22
+Having separate archetype for students and separate for employees might be problematic if a single user can be both employee and student at the same time. I'm still looking for a universal design pattern how to represent affiliations, but I'm not sure if there is any. Because different universities are handling it differently.
+
+Trevor Lucas
+Hi Slavek, that's exactly it. Thank you! I see that now in the Person Archetype and am wondering how I didn't see it before.
+I was wondering the same thing about splitting into separate archetypes versus using the Person archetype. We can have Students who are also Student Employees, but I was thinking of handling that with Roles. So a Student Archetype User could have a role of Student Employee and get their account created, roles assigned, all that stuff. These would be different than Employee Archetype Users in ways like software licensing.
+Either way we do it we'll have to have some kind of logic to determine which Person is staff, which is student, and grant them roles that way. Would you recommend for a new midPoint deployment to use the Person archetype and build out from there?
+
+Trevor Lucas
+After pondering some more today, I think it will be the best approach to use Person Archetype and not try to split it out by "user type". We would immediately run into collisions with people who are both Students and Employees, and you can't really make those Users owner of other Users. I think we'll rely on roles and getting those auto-assigned to get people their correct accounts and everything else.
+Thank you, again!
+
+Amol Athawale
+We had also tried to use different archetypes for different user types, however, after some brainstorming we ended up using the single USDPerson Archetype (custom) for all our users (employee, student, student workers etc). I remember reading a statement in the Archetype chapter, that it is not recommended to change the archetype of the user in the entire life cycle. We have scenarios where employees enroll for full time degree programs and students become full time employees (different from student worker).
+
+Trevor Lucas
+@Amol Athawale
+Why did you go with a custom Archetype rather than use Person? There must have been some benefits that I'm not thinking of. The immediate one would be insulation from changes that get made to "Person" over different versions of midPoint. If you don't mind sharing, what were the pros/cons?
+
+Amol Athawale
+Hello Trevor, I apologize if this isn't the answer you were expecting, but part of the reason lies in my preference for avoiding defaults. Initially, we created a hierarchical structure of Archetypes but quickly realized it wasn't working for us, so we reverted to using the parent archetype (USDPerson). As I'm still fairly new to Midpoint, I wanted to thoroughly understand the relationships between various objects like Archetypes, Object Templates, Resources, etc. Creating custom components wherever possible is helping me do that.
+FYI - We are still in development phase.
+
+Trevor Lucas
+Fair enough, we are in a similar boat. Very much in development and trying lots of different things. Thank you for the reply, I appreciate it.
+Thank you, Amol! We would have similar scenarios. We also have staff who are faculty, students and student employees who make that transition to FTE (and sometimes back again), etc. Better to keep them all as "Person" or equivalent, especially if Archetype should never change on a user.
From 1b000dd0df21b04acdb6caeb11867c0092087c86 Mon Sep 17 00:00:00 2001
From: Keith Hazelton <khazelton@gmail.com>
Date: Wed, 16 Oct 2024 13:04:15 -0500
Subject: [PATCH 123/126] Create
do-not-use-different-archetypes-for-student-and-employees.adoc
---
...-archetypes-for-student-and-employees.adoc | 47 +++++++++++++++++++
1 file changed, 47 insertions(+)
create mode 100644 docs/do-not-use-different-archetypes-for-student-and-employees.adoc
diff --git a/docs/do-not-use-different-archetypes-for-student-and-employees.adoc b/docs/do-not-use-different-archetypes-for-student-and-employees.adoc
new file mode 100644
index 0000000..108cc28
--- /dev/null
+++ b/docs/do-not-use-different-archetypes-for-student-and-employees.adoc
@@ -0,0 +1,47 @@
+
+do-not-use-different-archetypes-for-student-and-employees.adoc
+
+Trevor Lucas
+Hello, I am trying to understand the relationship between Archetypes and Object Templates. Specifically, I'm looking at the built-in Person Archetype and the Person Object Template in midPoint 4.8 and trying to understand how they are linked together so that I can extrapolate them to other Archetypes and Object Templates. I can't see any assignments or links between the two object types within the XML. I have looked at examples within the Workbench and the midPoint demos and have read the Archetype and Object Template docs several times trying to find this answer.
+The end goal is to try to mimic the Workbench and have a Student Archetype for the SIS resource and an Employee Archetype for the HR Resource. Then I would like to extend those by adding Object Templates that could specifically affect the respective Archetype Users. Those Object Templates would have specific name and email constructions, auto-assigned roles, etc, just like the Person Object Template can have by default. Ultimately I'd like to know how a specific Template is applied to a specific Archetype.
+
+Slavek Licehammer
+Hi Trevor. You are looking for objectTemplateRef in the archetype configuration. For example: https://github.com/Evolveum/midpoint/blob/master/config/initial-objects/archetype/702-archetype-person.xml#L22
+Having separate archetype for students and separate for employees might be problematic if a single user can be both employee and student at the same time. I'm still looking for a universal design pattern how to represent affiliations, but I'm not sure if there is any. Because different universities are handling it differently.
+
+Trevor Lucas
+Hi Slavek, that's exactly it. Thank you! I see that now in the Person Archetype and am wondering how I didn't see it before.
+I was wondering the same thing about splitting into separate archetypes versus using the Person archetype. We can have Students who are also Student Employees, but I was thinking of handling that with Roles. So a Student Archetype User could have a role of Student Employee and get their account created, roles assigned, all that stuff. These would be different than Employee Archetype Users in ways like software licensing.
+Either way we do it we'll have to have some kind of logic to determine which Person is staff, which is student, and grant them roles that way. Would you recommend for a new midPoint deployment to use the Person archetype and build out from there?
+
+Trevor Lucas
+After pondering some more today, I think it will be the best approach to use Person Archetype and not try to split it out by "user type". We would immediately run into collisions with people who are both Students and Employees, and you can't really make those Users owner of other Users. I think we'll rely on roles and getting those auto-assigned to get people their correct accounts and everything else.
+Thank you, again!
+
+Amol Athawale
+We had also tried to use different archetypes for different user types, however, after some brainstorming we ended up using the single USDPerson Archetype (custom) for all our users (employee, student, student workers etc). I remember reading a statement in the Archetype chapter, that it is not recommended to change the archetype of the user in the entire life cycle. We have scenarios where employees enroll for full time degree programs and students become full time employees (different from student worker).
+
+Trevor Lucas
+@Amol Athawale
+Why did you go with a custom Archetype rather than use Person? There must have been some benefits that I'm not thinking of. The immediate one would be insulation from changes that get made to "Person" over different versions of midPoint. If you don't mind sharing, what were the pros/cons?
+
+Amol Athawale
+Hello Trevor, I apologize if this isn't the answer you were expecting, but part of the reason lies in my preference for avoiding defaults. Initially, we created a hierarchical structure of Archetypes but quickly realized it wasn't working for us, so we reverted to using the parent archetype (USDPerson). As I'm still fairly new to Midpoint, I wanted to thoroughly understand the relationships between various objects like Archetypes, Object Templates, Resources, etc. Creating custom components wherever possible is helping me do that.
+FYI - We are still in development phase.
+
+Trevor Lucas
+Fair enough, we are in a similar boat. Very much in development and trying lots of different things. Thank you for the reply, I appreciate it.
+Thank you, Amol! We would have similar scenarios. We also have staff who are faculty, students and student employees who make that transition to FTE (and sometimes back again), etc. Better to keep them all as "Person" or equivalent, especially if Archetype should never change on a user.
+Footer
+Internet2
+
+Internet2 avatar Internet2
+
+© 2024 GitHub, Inc.
+Footer navigation
+
+ Help
+ Support
+
+GitHub Enterprise Server 3.12.0
+iam-knowledge-bits/docs/stay-with-single-object-type-for-user at main · internet2/iam-knowledge-bits
From 7ed64d4e672d51479e32b66e70c004e79f50c20f Mon Sep 17 00:00:00 2001
From: Keith Hazelton <khazelton@gmail.com>
Date: Wed, 16 Oct 2024 13:07:00 -0500
Subject: [PATCH 124/126] Update
do-not-use-different-archetypes-for-student-and-employees.adoc
---
...fferent-archetypes-for-student-and-employees.adoc | 12 +++++++-----
1 file changed, 7 insertions(+), 5 deletions(-)
diff --git a/docs/do-not-use-different-archetypes-for-student-and-employees.adoc b/docs/do-not-use-different-archetypes-for-student-and-employees.adoc
index 108cc28..b1eb011 100644
--- a/docs/do-not-use-different-archetypes-for-student-and-employees.adoc
+++ b/docs/do-not-use-different-archetypes-for-student-and-employees.adoc
@@ -1,21 +1,25 @@
-do-not-use-different-archetypes-for-student-and-employees.adoc
+==== Do Not Use Different Archetypes for Student and Employees
Trevor Lucas
Hello, I am trying to understand the relationship between Archetypes and Object Templates. Specifically, I'm looking at the built-in Person Archetype and the Person Object Template in midPoint 4.8 and trying to understand how they are linked together so that I can extrapolate them to other Archetypes and Object Templates. I can't see any assignments or links between the two object types within the XML. I have looked at examples within the Workbench and the midPoint demos and have read the Archetype and Object Template docs several times trying to find this answer.
+
The end goal is to try to mimic the Workbench and have a Student Archetype for the SIS resource and an Employee Archetype for the HR Resource. Then I would like to extend those by adding Object Templates that could specifically affect the respective Archetype Users. Those Object Templates would have specific name and email constructions, auto-assigned roles, etc, just like the Person Object Template can have by default. Ultimately I'd like to know how a specific Template is applied to a specific Archetype.
Slavek Licehammer
Hi Trevor. You are looking for objectTemplateRef in the archetype configuration. For example: https://github.com/Evolveum/midpoint/blob/master/config/initial-objects/archetype/702-archetype-person.xml#L22
+
Having separate archetype for students and separate for employees might be problematic if a single user can be both employee and student at the same time. I'm still looking for a universal design pattern how to represent affiliations, but I'm not sure if there is any. Because different universities are handling it differently.
Trevor Lucas
Hi Slavek, that's exactly it. Thank you! I see that now in the Person Archetype and am wondering how I didn't see it before.
I was wondering the same thing about splitting into separate archetypes versus using the Person archetype. We can have Students who are also Student Employees, but I was thinking of handling that with Roles. So a Student Archetype User could have a role of Student Employee and get their account created, roles assigned, all that stuff. These would be different than Employee Archetype Users in ways like software licensing.
+
Either way we do it we'll have to have some kind of logic to determine which Person is staff, which is student, and grant them roles that way. Would you recommend for a new midPoint deployment to use the Person archetype and build out from there?
Trevor Lucas
After pondering some more today, I think it will be the best approach to use Person Archetype and not try to split it out by "user type". We would immediately run into collisions with people who are both Students and Employees, and you can't really make those Users owner of other Users. I think we'll rely on roles and getting those auto-assigned to get people their correct accounts and everything else.
+
Thank you, again!
Amol Athawale
@@ -27,15 +31,13 @@ Why did you go with a custom Archetype rather than use Person? There must have b
Amol Athawale
Hello Trevor, I apologize if this isn't the answer you were expecting, but part of the reason lies in my preference for avoiding defaults. Initially, we created a hierarchical structure of Archetypes but quickly realized it wasn't working for us, so we reverted to using the parent archetype (USDPerson). As I'm still fairly new to Midpoint, I wanted to thoroughly understand the relationships between various objects like Archetypes, Object Templates, Resources, etc. Creating custom components wherever possible is helping me do that.
+
FYI - We are still in development phase.
Trevor Lucas
Fair enough, we are in a similar boat. Very much in development and trying lots of different things. Thank you for the reply, I appreciate it.
-Thank you, Amol! We would have similar scenarios. We also have staff who are faculty, students and student employees who make that transition to FTE (and sometimes back again), etc. Better to keep them all as "Person" or equivalent, especially if Archetype should never change on a user.
-Footer
-Internet2
-Internet2 avatar Internet2
+Thank you, Amol! We would have similar scenarios. We also have staff who are faculty, students and student employees who make that transition to FTE (and sometimes back again), etc. Better to keep them all as "Person" or equivalent, especially if Archetype should never change on a user.
© 2024 GitHub, Inc.
Footer navigation
From 50ba5b78aebab632ed67b616454a7f3d866eb820 Mon Sep 17 00:00:00 2001
From: Keith Hazelton <khazelton@gmail.com>
Date: Wed, 16 Oct 2024 13:08:26 -0500
Subject: [PATCH 125/126] Update
do-not-use-different-archetypes-for-student-and-employees.adoc
---
...-archetypes-for-student-and-employees.adoc | 25 ++++++-------------
1 file changed, 8 insertions(+), 17 deletions(-)
diff --git a/docs/do-not-use-different-archetypes-for-student-and-employees.adoc b/docs/do-not-use-different-archetypes-for-student-and-employees.adoc
index b1eb011..e174a00 100644
--- a/docs/do-not-use-different-archetypes-for-student-and-employees.adoc
+++ b/docs/do-not-use-different-archetypes-for-student-and-employees.adoc
@@ -1,49 +1,40 @@
==== Do Not Use Different Archetypes for Student and Employees
-Trevor Lucas
+Trevor Lucas +
Hello, I am trying to understand the relationship between Archetypes and Object Templates. Specifically, I'm looking at the built-in Person Archetype and the Person Object Template in midPoint 4.8 and trying to understand how they are linked together so that I can extrapolate them to other Archetypes and Object Templates. I can't see any assignments or links between the two object types within the XML. I have looked at examples within the Workbench and the midPoint demos and have read the Archetype and Object Template docs several times trying to find this answer.
The end goal is to try to mimic the Workbench and have a Student Archetype for the SIS resource and an Employee Archetype for the HR Resource. Then I would like to extend those by adding Object Templates that could specifically affect the respective Archetype Users. Those Object Templates would have specific name and email constructions, auto-assigned roles, etc, just like the Person Object Template can have by default. Ultimately I'd like to know how a specific Template is applied to a specific Archetype.
-Slavek Licehammer
+Slavek Licehammer +
Hi Trevor. You are looking for objectTemplateRef in the archetype configuration. For example: https://github.com/Evolveum/midpoint/blob/master/config/initial-objects/archetype/702-archetype-person.xml#L22
Having separate archetype for students and separate for employees might be problematic if a single user can be both employee and student at the same time. I'm still looking for a universal design pattern how to represent affiliations, but I'm not sure if there is any. Because different universities are handling it differently.
-Trevor Lucas
+Trevor Lucas +
Hi Slavek, that's exactly it. Thank you! I see that now in the Person Archetype and am wondering how I didn't see it before.
I was wondering the same thing about splitting into separate archetypes versus using the Person archetype. We can have Students who are also Student Employees, but I was thinking of handling that with Roles. So a Student Archetype User could have a role of Student Employee and get their account created, roles assigned, all that stuff. These would be different than Employee Archetype Users in ways like software licensing.
Either way we do it we'll have to have some kind of logic to determine which Person is staff, which is student, and grant them roles that way. Would you recommend for a new midPoint deployment to use the Person archetype and build out from there?
-Trevor Lucas
+Trevor Lucas +
After pondering some more today, I think it will be the best approach to use Person Archetype and not try to split it out by "user type". We would immediately run into collisions with people who are both Students and Employees, and you can't really make those Users owner of other Users. I think we'll rely on roles and getting those auto-assigned to get people their correct accounts and everything else.
Thank you, again!
-Amol Athawale
+Amol Athawale +
We had also tried to use different archetypes for different user types, however, after some brainstorming we ended up using the single USDPerson Archetype (custom) for all our users (employee, student, student workers etc). I remember reading a statement in the Archetype chapter, that it is not recommended to change the archetype of the user in the entire life cycle. We have scenarios where employees enroll for full time degree programs and students become full time employees (different from student worker).
-Trevor Lucas
+Trevor Lucas +
@Amol Athawale
Why did you go with a custom Archetype rather than use Person? There must have been some benefits that I'm not thinking of. The immediate one would be insulation from changes that get made to "Person" over different versions of midPoint. If you don't mind sharing, what were the pros/cons?
-Amol Athawale
+Amol Athawale +
Hello Trevor, I apologize if this isn't the answer you were expecting, but part of the reason lies in my preference for avoiding defaults. Initially, we created a hierarchical structure of Archetypes but quickly realized it wasn't working for us, so we reverted to using the parent archetype (USDPerson). As I'm still fairly new to Midpoint, I wanted to thoroughly understand the relationships between various objects like Archetypes, Object Templates, Resources, etc. Creating custom components wherever possible is helping me do that.
FYI - We are still in development phase.
-Trevor Lucas
+Trevor Lucas +
Fair enough, we are in a similar boat. Very much in development and trying lots of different things. Thank you for the reply, I appreciate it.
Thank you, Amol! We would have similar scenarios. We also have staff who are faculty, students and student employees who make that transition to FTE (and sometimes back again), etc. Better to keep them all as "Person" or equivalent, especially if Archetype should never change on a user.
-
-© 2024 GitHub, Inc.
-Footer navigation
-
- Help
- Support
-
-GitHub Enterprise Server 3.12.0
-iam-knowledge-bits/docs/stay-with-single-object-type-for-user at main · internet2/iam-knowledge-bits
From da2eb65b810b5eebe41423f8a6a94891d8cf4465 Mon Sep 17 00:00:00 2001
From: Keith Hazelton <khazelton@gmail.com>
Date: Thu, 16 Jan 2025 19:55:17 -0600
Subject: [PATCH 126/126] Update postgres-only-workbench.adoc
---
docs/postgres-only-workbench.adoc | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/docs/postgres-only-workbench.adoc b/docs/postgres-only-workbench.adoc
index bce39d6..256372f 100644
--- a/docs/postgres-only-workbench.adoc
+++ b/docs/postgres-only-workbench.adoc
@@ -1,4 +1,4 @@
-== Modifying the Workbench so the HR source and the Wordpress shift from Mariadb to Postgres
+== Modifying the Workbench so the HR source and the Wordpress instance shift from Mariadb to Postgres
This will make Postgres the only database in the Workbench