10.1:documentation:modules_extras

CzechIdM - extras

CzechIdM - extras contains various features, which are not suited to be in any other module. List of the currently supported features is below.

Currently supported CzechIdM version : 9.2.2

Code contributions missing tests and/or documentation will be rejected. If such code is somehow present in the develop branch, the develop is considered unstable and no new releases of the module (and merges into master) can be made.
  • When developing, use our standard gitflow:
    • Branch per feature. Branch naming as usual.
    • Develop on top of the develop.
    • Master branch contains tagged releases.
    • The only way for code to get into master is by pull request develop → master.
  • Release process
    • After merging all features wanted for the release, one (selected) developer builds the develop. If it builds fine and tests are also OK, the developer edits module version in pom.xml and package.json files and sets it to X.Y.Z.
    • Developer creates pull request on GitHub to merge develop → master.
    • Repo admin (or any other authorized user) reviews the pull request, can request changes if necessary. Unresolved TODOs, missing comments, bad codestyle or documentation, suspected bugs, etc. - all those things can be grounds for change request.
    • If the pull request is OK, repo admin merges it.
    • Repo admin creates a new release in GitHub interface, version is set to X.Y.Z to correspond with version set in project sources.
    • Repo admin pushes release into BCV Nexus.
    • After release, repo admin makes changes on the develop branch: upps module version to X(+1).Y(+1).Z(+1)-SNAPSHOT in the pom.xml and package.json. What the next version of the module will be is up to discussion preceding the release.

Documentation is available here: Systems - Import of data from CSV

Documentation is available here: Automatic role definitions - Import of data from CSV

Documentation is available here: Roles - Import of data from CSV

Documentation is available here: Automatic roles - adding role by node in structure

Documentation is available here: Status task - How to prepare the task

Documentation is available here: sso_authentificate

This feature enable that if you are guarantee at least for one role then you will see all users and you can assign/delete/edit roles for which you are guarantee. You can see all user's roles but you can't change the others for which you are not guarantee

For correct behavior you need to configure three new evaluators to userRole:

  • IdentityAccessForRoleGuaranteeEvaluator
  • IdentityRoleAccessForRoleGuaranteeEvaluator
  • RoleRequestAccessForRoleGuaranteeEvaluator

Other thing you need to do is to enable service ExtrasIdmConceptRoleRequestService. This service is by default turned off in extras module. Go to your project modul and create new service which will inherit from ExtrasIdmConceptRoleRequestService and add annotation Primary and Service.

Update IdmConceptRoleRequestDto is allowed everybody that will change only audited fields or systemState field (this is for update state of whole request after retry mechanism or approving virtual request).

Report will compare value of attributes with connected system. Connected system does not need to be in read only. More information is available here: Report - Compare values in IdM to system

A notification about the end of identity's last contract will be sent to those who have a specified role assigned and optionally the manager of the user. A different notification can be sent before the contract ends and when it ends. More information is available here: Notification - the end of identity's last contract

Almost every project receive all titles in one string and IdM allow separates titles before and after. For this case was created in ExtrasUtils two methods getTitlesAfter and getTitlesBefore. And transformation scripts extrasGetTitlesBefore and extrasGetTitlesAfter, transformation scripts calls method from utils.

Dictionary with titles can be setup by configuration properties. Default values exists.

idm.sec.extras.configuration.titlesAfter="Ph.D.", "Th.D.", "CSc.", "DrSc.", "dr. h. c.","DiS.", "MBA"
idm.sec.extras.configuration.titlesBefore="Bc.", "BcA.", "Ing.", "Ing. arch.", "MUDr.","MVDr.", "MgA.", "Mgr.", "JUDr.", "PhDr.", "RNDr.", "PharmDr.", "ThLic.", "ThDr.", "prof.", "doc.","PaedDr.", "Dr.", "PhMr."

You can use this tool to create automatic roles which are assigned based on the position within the organization structure using a CSV file as a source. More information is available here: Automatic roles on tree nodes - import data from CSV

Since module version 1.4.0 was exists better workflow for groups synchronization than in core. This workflow has same features as product. In product will be available same feature as this workflow but with configuration from GUI.

Documentation for configuration is available Systems - Groups synchronization workflow.