Page tree
Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 3 Next »

MidPoint 4.0 and later

Introduction

MidPoint allows to use multiple accounts on a particular resource, provided that they have unique kind and intent combination. However, there are cases that this is not quite enough. There is often a case that a particular resource can have more than one resource with that kind/intent combination. An example can be an HR system that keeps a single record for every employment contract for a particular user. Therefore there may be multiple contracts during employee lifecycle, some of them valid, other already expired. We cannot use intent to distinguish between them because all the intents have to be strictly defined in resource schema handling. But in this case we do not know how many contracts the user can have, therefore there is no good way to define the intents.

MidPoint 4.0 introduced a new concept of tag to distinguish such accounts. There may be as many accounts as needed as long as they have unique (resource, kind, intent, tag) combination (also known as discriminator). Unlike intent, tags are dynamically generated and they do not have to be defined beforehand.

Resource Configuration

The use of "multiaccounts" feature is disabled by default. The ability to use allow multiple accounts and use tags needs to be explicitly enabled in resource schema handling by using multiplicity element:

<resource>
    ...
    <schemaHandling>
        <objectType>
            ...
            <multiplicity>
				<maxOccurs>unbounded</maxOccurs>
			</multiplicity>
            ...
        </objectType>
    <schemaHandling>
    ...
</resource>

This setting allows multiple resource objects to exists (and be linked to a focus) for that particular object type. Each of the objects needs to be distinguished by a unique tag value.

Generating Tag Values

TODO: default: Shadow OID

Inbound Mappings

TODO: collected from all the "tags"

Limitations

This "multiaccounts" feature is not implemented completely. The implementation is currently limited:

  • Multiple resource objects are currently supported only in inbound direction. I.e. it works only for authoritative source resources. This feature will not work in the outbound direction. It may not not work even if inbound and outbound mappings are combined in a single resource.
  • GUI support is very limited.

See Also

  • No labels