From: Krzysztof B. <kb...@un...> - 2016-12-28 09:26:29
On 22.12.2016 at 11:36, Jan Wielemaker wrote:
> Hi Krzysztof,
>
> On 20/12/16 23:45, Krzysztof Benedyczak wrote:
>
> It seems my issue is with attribute management in general and not so
> much with oauth.
>
>>> P.s. Possibly related, I added the email and cn attributes to the
>>> user through the admin/admin interface. After login as the
>>> test user I had expected to see these attributes, but nope.
>>> Is that expected?
>>
>> The question is about what you see in the Home (profile) endpoint?
>> If so, you have to set what attributes are shown in the HomeUI. You can
>> do this in endpoint's config, e.g.:
>>
>> unity.userhome.attributes.1.attribute=cn
>> unity.userhome.attributes.1.group=/
>> unity.userhome.attributes.1.showGroup=true
>> unity.userhome.attributes.1.editable=true
>>
>> note that the editable=true will work only for attributes which are
>> globally set (attribute type settings) as self modifiable.
>
> I'm not yet doing much. I just started the default config, with the
> default userhome.properties. That contains e.g.,
>
> unity.userhome.attributes.2.attribute=email
> unity.userhome.attributes.2.group=/
> unity.userhome.attributes.2.showGroup=false
> unity.userhome.attributes.2.editable=true
>
> I added (as admin) a user "jan" with identity type userName to group /A.
> Using the admin/admin endpoint I added the attributes "cn" and "email" for
> "jan". Attribute classes and Attribute statements are empty.
>
> I expect the email and common name to show up in /home/home for jan, but
> they are not there. It shows just this:
>
> Displayed name: [4]
> Credentials status: Password credential: correct
> Groups membership:
> /
> /A
> Anonymous identifier :81533a69-3ef9-402d-947e-2c6ae69c2884
> User name: jan
>
> I think that means there is something wrong with the config, but I
> have no clue what.

There are two things to check:

1) whether you added the attributes email and cn for jan in group '/A'? Or in '/'?
See in adminUI whether those are shown in the /A group.

2) make sure that you have a proper authZ setup. User jan must have read rights
in Unity. See the Authorization section in the documentation.

And there is also a 3rd, unlikely option: you can configure attribute type as
"local" - then I think it is not visible in HomeUI (but I'd need to recheck
this).

HTH,
Krzysztof
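
Check 1) from the reply above can be scripted; this is an added example, not part of the original message or of the Unity project. It assumes the HomeUI reads each attribute from the group named in its `unity.userhome.attributes.N.group` entry (which is what check 1 implies); the sample properties layout and the `assigned` set describing where jan's attributes were added are constructed.

```python
import re
from collections import defaultdict

# Constructed sample: the two entries quoted in the thread, placed in one file.
SAMPLE_PROPERTIES = """\
unity.userhome.attributes.1.attribute=cn
unity.userhome.attributes.1.group=/
unity.userhome.attributes.1.showGroup=true
unity.userhome.attributes.1.editable=true
unity.userhome.attributes.2.attribute=email
unity.userhome.attributes.2.group=/
unity.userhome.attributes.2.showGroup=false
unity.userhome.attributes.2.editable=true
"""

ENTRY = re.compile(r"^unity\.userhome\.attributes\.(\d+)\.(\w+)\s*=\s*(.*)$")

def parse_home_attributes(text):
    """Return {index: {key: value}} for unity.userhome.attributes.N.* lines."""
    entries = defaultdict(dict)
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(("#", "!")):
            continue  # skip blanks and properties-file comments
        m = ENTRY.match(line)
        if m:
            entries[int(m.group(1))][m.group(2)] = m.group(3).strip()
    return dict(entries)

def find_group_mismatches(entries, assigned):
    """assigned: set of (attribute, group) pairs actually set for the user.
    Returns (attribute, configured_group, groups_where_set) for every entry
    whose configured group holds no value while another group does."""
    problems = []
    for idx in sorted(entries):
        attr, group = entries[idx].get("attribute"), entries[idx].get("group")
        if (attr, group) in assigned:
            continue  # value exists in the group the HomeUI entry points at
        elsewhere = sorted(g for a, g in assigned if a == attr)
        if elsewhere:
            problems.append((attr, group, elsewhere))
    return problems

if __name__ == "__main__":
    # Constructed scenario: cn and email were added for jan in /A, not in /.
    assigned = {("cn", "/A"), ("email", "/A")}
    entries = parse_home_attributes(SAMPLE_PROPERTIES)
    for attr, cfg, found in find_group_mismatches(entries, assigned):
        print(f"{attr}: HomeUI entry reads group {cfg!r}, value is set in {found}")
```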