Page tree

Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.


 

To make midPoint GUI more user friendly, especially for usual (not administrator) users, a separate section of Self Services was created. We want the users of midPoint not to be confused about some comlicated functionality of IDM system, that is why GUI for self services is simple, understandable and demostrative. This section is so obvious that you can easily scroll some chapters. This documentation is created to describe some configuration opportunities or some used conditions.

...

<adminGuiConfiguration>
<userDashboardLink>
<targetUrl>/self/profile</targetUrl>
<label>Profile</label>
<description>View/edit your profile</description>
<icon>
<cssClass>fa fa-user</cssClass>
</icon>
<color>blue</color>
<authorization>http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#selfProfile</authorization>
<authorization>http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#selfAll</authorization>
</userDashboardLink>
<userDashboardLink>
<targetUrl>/self/credentials</targetUrl>
<label>Credentials</label>
<description>View/edit your credentials</description>
<icon>
<cssClass>fa fa-shield</cssClass>
</icon>
<color>red</color>
<authorization>http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#selfCredentials</authorization>
<authorization>http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#selfAll</authorization>
</userDashboardLink>
</adminGuiConfiguration>

Attribute

Description

targetUrl

URL of the link target. It can be absolute URL with method specification or it can be relative URL. If the URL is relative, it is assumed that it is relative to the application root URL context.

label

Human-readable label to display with the link (or a key to the localization file). The label should be quite short (several words). It is meant to be displayed as a menu item label, launcher label, etc.

description

Human-readable desciption to display with the link (or a key to the localization file). The description can be longer (several sentences). It is meant to be displayed as a multi-line description, tooltip, etc.

icon

Icon to display for this link.

color

Primary color that will be used to render this link in case that multiple color options are supported.

authorization

Authorizations needed to display this link. If specified, the the link will be displayed only if the active user has one of the specified authorizations. If no authorization is specified then the link will be always displayed.

Profile page.

it is understandable from the name of the page that it displays user's profile data. Also, you can see user's progections, assignments and tasks there. If user has enough rights, he can also edit these data.

...

<password>
<propagationUserControl>mapping</propagationUserControl>
<passwordChangeSecurity>oldPassword</passwordChangeSecurity>
</password>

AttributeDescriptionPossible values

propagationUserControl

Constraints that define how propagation of the credentials can be controlled by the
user. E.g. if user can choose where the password change will be propagated.

mapping (Credentials propagation will be determined by the mappings. 

User cannot choose where the credentials will be propagated. The credentials propagation dialog will not be shown.)

userChoice (The user can choose where the credentials will be propagated. The propagation dialog will be shown.)

onlyMapping(Credentials propagation will be determined by the mappings. User cannot choose where the credentials will be propagated. But the propagation dialog will be shown.)

identityManagerMandatory(Identity Manager Repository will be propagated always. The user can choose where the other credentials will be propagated. The propagation dialog will be shown.)

passwordChangeSecurity

Additional security applied when changing a password.This applies when user is changing his own password. It does NOT apply when administrator changes password of other user.

none (No additional security. Password can be changed by supplying new value.)

oldPassword (User must supply old password to change the password.)


Request a role page (before v3.5).

...

Only requestable items should be displayed on the Request a role page. Requestable is a status which is computed according to Requestable field of the assignable item and according to the authorizations of the user (for now, this requestable status is computed only for Role type objects).