Hi,
my French is not as good as it used to be, so I am not very able to follow :-)
Please try to explain your needs as clear as possible, in English, possibly in
terms of requirements.
So far, I have understood that:
1. you have defined a PERSON AnyType
2. you have mapped PERSON to one or more External Resources
3. (maybe?) multiple PERSON instances are in Relationship with a single USER
instance
4. there are events (REST calls to Syncope API? Console modifications?) that are triggering changes
on PERSON instances ("arrives first", "change OrganizationalUnit") or possibly
the related USER instance; such changes will propagate, through the mapping(s) provided, to the
configured External Resource(s)
What I am failing to understand so far:
1. why you should be modifying the PERSON or USER AnyType definition when the
events occurs: I would expect changes to PERSON or USER instances (by adding /
removing attributes, memberships or relationships for example) but not the
AnyType itself
2. whether your are encapsulating somehow the changes (maybe via a custom REST
endpoint) which is meant to affect both a USER and related PERSON instance(s)
Maybe you can just provide a couple of examples, using Syncope concepts as
AnyType, Relationships, instances, Resources, etc.
Regards.
On 07/01/26 11:30, Stéphane Popoff wrote:
Happy new year,
About my use case I made a short video
[https://sites.google.com/spopoff.net/integrationsyncope/democonnsync?usp=sharing]
to explain the need.
Best regards,
Stéphane POPOFF
Le mer. 31 déc. 2025 à 11:27, Stéphane Popoff <[email protected]> a écrit :
Hi Francesco,
I want to manage access (User account) by an identity object, that was
supported by an AnyObject PERSON and it's connector. So the life cycle of the
object PERSON conducts the need of access of the identity. In fact PERSON is
the the real digital identity, not as User in the Syncope's design, and User
only supports access.
Hope it's more clear.
Best regards,
Stéphane popoff
Le mer. 31 déc. 2025, 07:59, Francesco Chicchiriccò <[email protected]> a
écrit :
Hi,
I am not sure to understand your use case - or better, I am not sure to
understand why a change to the USER AnyType should be involved.
Can you please describe what you are trying to achieve from an abstract point
of view?
Regards.
On 30/12/25 19:31, Stéphane Popoff wrote:
Hello,
I have a use case where a flow of objects (JPAAnyType[PERSON]) may
produce change on accounts (User).
Beside the 2 flows I want to introduce a business logic of kind:
- If a person arrive first, we give it a basic access to RH system and
a basic access to the tool of this operationalUnit
- If a person changes this operationalUnit, previous access is closed,
newest is open (with or without overlay)
- well real time implementation of an IAM system ;-)
My question is where can I put this logic ? In the Provisioning
Manager or/and/xor in the Workflow ?
I did some tests and found that mixing operations across types
(JPAAnyType[PERSON] and User) in a basic workflow creates problems.
Best regards, happy new eve,
Stéphane POPOFF
--
Francesco Chicchiriccò
Tirasa - Open Source Excellence
http://www.tirasa.net/
Member at The Apache Software Foundation
Syncope, Cocoon, Olingo, CXF, OpenJPA
https://about.me/ilgrosso
