We are having an issue with Shibboleth and Apache Server. I am integrating with an SSO portal for a Tomcat application. I have the integration with the SSO portal figured out, but we are having an issue with the mapping of the attributes. We are obtaining a NameID which is the email address. I don’t know what I am missing. I can see the email in the Shibd.log, but I cannot see any attributes in the Shibboleth.sso/Session.
Here is my configuration for the attribute-map:
<Attributes xmlns="urn:mace:shibboleth:2.0:attribute-map" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
    <Attribute name="urn:oasis:names:tc:SAML:2.0:nameid-format:persistent" id="persistent-id">
        <AttributeDecoder xsi:type="NameIDAttributeDecoder" formatter="$NameQualifier!$SPNameQualifier!$Name" defaultQualifiers="true"/>
    </Attribute>
    <Attribute name="emailAddress" nameFormat="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress" id="emailAddress">
        <AttributeDecoder xsi:type="NameIDAttributeDecoder" formatter="$Name" defaultQualifiers="true" />
    </Attribute>
    <Attribute name="mail" nameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified" id="mail">
        <AttributeDecoder xsi:type="NameIDAttributeDecoder" formatter="$Name" defaultQualifiers="true" />
    </Attribute>
</Attributes>
Here is what I have in the Attribute-Policy:
<afp:AttributeFilterPolicyGroup
    xmlns="urn:mace:shibboleth:2.0:afp:mf:basic"
    xmlns:saml="urn:mace:shibboleth:2.0:afp:mf:saml"
    xmlns:basic="urn:mace:shibboleth:2.0:afp:mf:basic"
    xmlns:afp="urn:mace:shibboleth:2.0:afp"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
    <afp:AttributeFilterPolicy>
        <!-- This policy is in effect in all cases. -->
        <afp:PolicyRequirementRule xsi:type="ANY"/>
        <!-- Catch-all that passes everything else through unmolested. -->
        <afp:AttributeRule attributeID="*" permitAny="true"/>
    </afp:AttributeFilterPolicy>
</afp:AttributeFilterPolicyGroup>
The Shibd.log has the following verbiage:
019-12-16 16:48:23 INFO Shibboleth.AttributeExtractor.XML : creating mapping for Attribute urn:oasis:names:tc:SAML:2.0:nameid-format:persistent
2019-12-16 16:48:23 INFO Shibboleth.AttributeExtractor.XML : creating mapping for Attribute emailAddress, Format/Namespace:urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress
2019-12-16 16:48:23 INFO Shibboleth.AttributeExtractor.XML : creating mapping for Attribute mail, Format/Namespace:urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified
However, as previously mentioned we cannot see any attributes in Shibboleth.sso/Session
Am I missing anything?
This was fixed by adding the attributes:
<Attribute name="urn:mace:dir:attribute-def:mail" id="SHIB_MAIL"/>
<Attribute name="urn:oid:0.9.2342.19200300.100.1.3" id="SHIB_MAIL"/>
This was the only attribute that showed up in the attribute portion of the SP Session.
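An added example, not part of the original post: a small Python model of the attribute-map lookup that shows why the rules in the question extract nothing while the added rules yield SHIB_MAIL. The assertion is a constructed sample, the function names are hypothetical, and the matching (a NameID is keyed on its Format, an Attribute on Name plus NameFormat, with an omitted, "uri" or "unspecified" format compared as equal) is a simplifying assumption about the SP.

```python
import xml.etree.ElementTree as ET

MAP = "{urn:mace:shibboleth:2.0:attribute-map}"
SAML = "{urn:oasis:names:tc:SAML:2.0:assertion}"
URI = "urn:oasis:names:tc:SAML:2.0:attrname-format:uri"
UNSPEC = "urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified"
EMAIL = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"
MAIL_OID = "urn:oid:0.9.2342.19200300.100.1.3"

def fmt(value):  # assumption: omitted, "uri" and "unspecified" compare equal
    return "" if value in (None, "", URI, UNSPEC) else value

def load_rules(map_xml):
    """{(name, nameFormat): id} for every <Attribute> rule in an attribute-map."""
    return {(a.get("name"), fmt(a.get("nameFormat"))): a.get("id")
            for a in ET.fromstring(map_xml).iter(MAP + "Attribute")}

def extract(map_xml, assertion_xml):
    """Return (extracted {id: value}, dropped [names]) for one assertion."""
    rules, extracted, dropped = load_rules(map_xml), {}, []
    root = ET.fromstring(assertion_xml)
    # A NameID is looked up by its Format; an Attribute by Name + NameFormat.
    items = [((n.get("Format"), ""), n.text) for n in root.iter(SAML + "NameID")]
    items += [((a.get("Name"), fmt(a.get("NameFormat"))),
               a.findtext(SAML + "AttributeValue"))
              for a in root.iter(SAML + "Attribute")]
    for key, value in items:
        if key in rules:
            extracted[rules[key]] = value
        else:
            dropped.append(key[0])
    return extracted, dropped

# Constructed sample assertion (not taken from the post).
ASSERTION = f"""<Assertion xmlns="urn:oasis:names:tc:SAML:2.0:assertion">
  <Subject><NameID Format="{EMAIL}">user@example.org</NameID></Subject>
  <AttributeStatement><Attribute Name="{MAIL_OID}" NameFormat="{URI}">
    <AttributeValue>user@example.org</AttributeValue>
  </Attribute></AttributeStatement>
</Assertion>"""

QUESTION_MAP = f"""<Attributes xmlns="urn:mace:shibboleth:2.0:attribute-map">
  <Attribute name="emailAddress" nameFormat="{EMAIL}" id="emailAddress"/>
  <Attribute name="mail" nameFormat="{UNSPEC}" id="mail"/>
</Attributes>"""
# The fix from the answer: two more rules keyed on the attribute's actual Name.
FIXED_MAP = QUESTION_MAP.replace("</Attributes>", f"""
  <Attribute name="urn:mace:dir:attribute-def:mail" id="SHIB_MAIL"/>
  <Attribute name="{MAIL_OID}" id="SHIB_MAIL"/></Attributes>""")
```

Running `extract()` against an assertion captured from the SP's own logs lists every Name that has no rule, which is the quickest way to see which mappings are missing.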
I'm trying to retrieve all the users and their roles across some environments in my Office 365 tenant using a Power Automate flow, but when I'm trying to query the Dataverse Web API either with OData or fetchXml, I always get the same error:
At this point I don't have any clue on how to fix it, if anyone could point me in the right direction I would really appreciate it. I also tried this in postman and it works without problem.
Thanks for your help.
I'm adding some extra information below.
URI
https://someorg.crm2.dynamics.com/api/data/v9.2/systemusers
Headers
{
"Accept": "application/json",
"OData-MaxVersion": "4.0",
"OData-Version": "4.0",
"Prefer": "odata.include-annotations=\"*\"",
"If-None-Match": "null",
"Content-Type": "application/json; charset=utf-8"
}
Query
<fetch top="1000">
    <entity name="systemuser">
        <attribute name="fullname" />
        <attribute name="domainname" />
        <link-entity name="systemuserroles" from="systemuserid" to="systemuserid" intersect="true">
            <link-entity name="role" from="roleid" to="roleid" intersect="true">
                <attribute name="name" />
                <attribute name="roleid" />
            </link-entity>
        </link-entity>
    </entity>
</fetch>
I want to remove child objects automatically on removal of the Parent object.
For instance, I have types Car and Engine. The Car has an attribute Engine. When a Car object is removed, the Engine object that is bound to this Car should be removed automatically.
Thanks in advance, guys
Use the "partOf" modifier:
<itemtype code="Car" ...>
    ...
    <attributes>
        ...
        <attribute qualifier="engine" type="Engine">
            <persistence type="property" />
            <modifiers partof="true" />
        </attribute>
    </attributes>
</itemtype>
Can also be used with relations:
<relation code="CarToEngineRelation"...>
    <sourceElement type="Car" ...>
    </sourceElement>
    <targetElement type="Engine" ...>
        <modifiers partof="true"/>
    </targetElement>
</relation>
#Johannes very well set the example.
Let me elaborate more on
What is PartOf?
The PartOf modifier is used to define the aggregation relationship between Parent and Child objects. To explain it better I would say PartOf is used to define cascade delete. When we delete the Parent object then all its child objects (partOf) will be deleted automatically.
You can define it on an attribute or relation with the help of the modifiers tag, like:
<itemtype code="User"
          extends="Principal"
          jaloclass="de.hybris.platform.jalo.user.User"
          autocreate="true"
          generate="true">
    <deployment table="Users" typecode="4" propertytable="UserProps"/>
    <attributes>
        ...
        ...
        <attribute autocreate="true" qualifier="addresses" type="AddressCollection">
            <modifiers partof="true"/>
        </attribute>
        <attribute autocreate="true" qualifier="carts" type="CartCollection">
            <modifiers partof="true"/>
        </attribute>
    </attributes>
</itemtype>
If we remove a user, all its addresses & carts will be removed.
find the detailed post here
I have a problem with impex which contains document id reference.
From docs:
"Especially for importing partOf item values it is necessary to reference these items by means other than the usual unique column technique because partOf items often do not provide a unique key but only hold their enclosing parent as foreign key."
Items from *items.xml (only the most important parts)
<itemtype code="A" autocreate="true" generate="true" abstract="true"/>
<itemtype code="B" autocreate="true" generate="true" extends="A">
    <deployment table="btable" typecode="20115" />
    <attributes>
        <attribute qualifier="code" type="java.lang.Integer" autocreate="true" generate="true">
            <persistence type="property"/>
            <modifiers optional="false"/>
        </attribute>
    </attributes>
</itemtype>
<itemtype code="C" autocreate="true" generate="true">
    <deployment table="ctable" typecode="20117" />
    <attributes>
        <attribute qualifier="code" type="java.lang.String" autocreate="true" generate="true">
            <persistence type="property"/>
            <modifiers optional="false" unique="true"/>
        </attribute>
        <attribute qualifier="test" type="A" autocreate="true" generate="true">
            <persistence type="property"/>
            <modifiers optional="false" partof="true"/>
        </attribute>
    </attributes>
</itemtype>
Impex code:
INSERT B;code;&docIdRef
;1;docId
INSERT_UPDATE C;code[unique=true];test(&docIdRef)
;uniqueCode;docId
Error message:
cannot create C with values ItemAttributeMap[ registry: null, type: <null>, (...) due to [de.hybris.platform.servicelayer.interceptor.impl.MandatoryAttributesValidator#3b777877]:missing values for [test] in model C
When I removed the 'partof' modifier from the 'test' attribute (C class) everything worked fine.
I wonder what the impex should look like if I want to keep the 'partof' modifier.
When you use partOf you must reference the partOf using the owner.
So it does:
INSERT B;owner(C.code);&docIdRef
;uniqueCode;docId
INSERT_UPDATE C;code[unique=true];test(&docIdRef)
;uniqueCode;docId
You don't need to assign B an identifier, you just need to reference the owner.
If you know for sure that your data is correct you can use [forceWrite=true] modifier or legacy mode to skip service layer validation.
You should also make sure that this configuration is what you really need. Setting either optional to true or partOf to false or providing default value should fix the issue as well.
Since you have mentioned partof="true" you can not assign a reference of type A. You can only create a new entity.
Check the OOTB AbstractOrder2AbstractOrderEntry relationship: they have mentioned partof="true" for AbstractOrderEntry, which means you can't reference any other AbstractOrderEntry to Order. You can always create a new entry.
Have a look at HMC site as well
You can see here there is no + Add Entry button available here. The reciprocal can be possible.
I'm able to create new Story via POST to /VersionOne/rest-1.v1/Data/Story with corresponding XML payload. Setting all attributes (including relational) works like a charm. However I'm unable to figure out how to add a Link asset to the Story asset.
When I try POSTing to /VersionOne/rest-1.v1/Data/Link with following XML payload:
<Asset href='/VersionOne/rest-1.v1/New/Link'>
    <Attribute name='AssetType' act='set'>Link</Attribute>
    <Relation name='Asset' act='set'>
        <Asset href='/VersionOne/rest-1.v1/Data/Story/123' idref='Story:123'/>
    </Relation>
    <Attribute name='OnMenu' act='set'>true</Attribute>
    <Attribute name='URL' act='set'>http://my.example.com</Attribute>
    <Attribute name='Name' act='set'>My Link Title</Attribute>
</Asset>
The server however returns:
<Error href="/VersionOne/rest-1.v1/Data/Link">
    <Message>Violation'Readonly'Link.AssetType</Message>
    <Exception class="VersionOne.DataException">
        <Message>Violation'Readonly'Link.AssetType</Message>
    </Exception>
</Error>
Seems like adding links is prohibited but actually I can add Links via the standard web interface without issues.
My original idea was to create Link asset first and then update the Story with respective relational attribute pointing to that Link asset.
Any ideas anyone?
Thanks!
(I'm using JavaScript/jQuery)
My bad. The <Attribute name='AssetType' act='set'>Link</Attribute> attribute in the POST payload is obviously wrong - it is trying to set the asset's type (link) which does not make sense since I'm stating the type in URL already. It works perfectly without the attribute (as expected).
I am creating a report in SSRS for CRM. I have a table with a Dataset for Appointment info and I noticed that it does not allow me to report on required attendees??? Is this true? If so, is there a workaround for this? I basically want my report to show appointment details and of course who participated.
Any advice is much appreciated!
Below is the fetchXML I gathered from using Advanced Find in CRM 2013.
<fetch version="1.0" output-format="xml-platform" mapping="logical" distinct="false">
    <entity name="appointment">
        <attribute name="subject"/>
        <attribute name="statecode"/>
        <attribute name="scheduledstart"/>
        <attribute name="activityid"/>
        <attribute name="instancetypecode"/>
        <!-- the attribute in question -->
        <attribute name="requiredattendees"/>
        <order attribute="subject" descending="false"/>
        <link-entity name="account" from="accountid" to="regardingobjectid" alias="ae">
            <filter type="and">
                <condition attribute="accountid" operator="eq" value="#name"/>
            </filter>
        </link-entity>
    </entity>
</fetch>
To get this information you will have to create another data source and retrieve the information from the ActivityParty entity. All items like requiredattendees and optionalattendees in appointment, or from, to, cc and bcc in email, etc. are stored inside the ActivityParty entity.