Menu
▾
▴
unity-idm-discuss — Unity discussion and support
You can subscribe to this list here.
| 2014 |
Jan
(3) |
Feb
(1) |
Mar
|
Apr
(1) |
May
|
Jun
|
Jul
(2) |
Aug
(2) |
Sep
|
Oct
(3) |
Nov
|
Dec
(1) |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 2015 |
Jan
(20) |
Feb
(3) |
Mar
|
Apr
|
May
|
Jun
(15) |
Jul
(1) |
Aug
(7) |
Sep
(13) |
Oct
(2) |
Nov
(10) |
Dec
(1) |
| 2016 |
Jan
|
Feb
(2) |
Mar
|
Apr
(2) |
May
(1) |
Jun
|
Jul
(1) |
Aug
(2) |
Sep
(11) |
Oct
(7) |
Nov
(6) |
Dec
(11) |
| 2017 |
Jan
(10) |
Feb
(5) |
Mar
(27) |
Apr
(34) |
May
(25) |
Jun
(14) |
Jul
(7) |
Aug
(17) |
Sep
(11) |
Oct
(6) |
Nov
(14) |
Dec
(10) |
| 2018 |
Jan
(8) |
Feb
(19) |
Mar
(40) |
Apr
(9) |
May
(16) |
Jun
(23) |
Jul
(31) |
Aug
(7) |
Sep
(9) |
Oct
(6) |
Nov
(14) |
Dec
(19) |
| 2019 |
Jan
(4) |
Feb
(6) |
Mar
(1) |
Apr
(2) |
May
(6) |
Jun
(3) |
Jul
|
Aug
|
Sep
|
Oct
(2) |
Nov
(19) |
Dec
(14) |
| 2020 |
Jan
(10) |
Feb
(24) |
Mar
(49) |
Apr
(26) |
May
(12) |
Jun
(4) |
Jul
(13) |
Aug
(32) |
Sep
(13) |
Oct
(10) |
Nov
(4) |
Dec
(16) |
| 2021 |
Jan
(2) |
Feb
(8) |
Mar
(15) |
Apr
(19) |
May
(5) |
Jun
(13) |
Jul
(6) |
Aug
(38) |
Sep
(11) |
Oct
(18) |
Nov
(11) |
Dec
(13) |
| 2022 |
Jan
(10) |
Feb
(21) |
Mar
(28) |
Apr
(3) |
May
(7) |
Jun
(9) |
Jul
(14) |
Aug
(13) |
Sep
(8) |
Oct
(29) |
Nov
(1) |
Dec
(21) |
| 2023 |
Jan
(19) |
Feb
(9) |
Mar
|
Apr
(10) |
May
(7) |
Jun
(10) |
Jul
(14) |
Aug
(17) |
Sep
(1) |
Oct
(9) |
Nov
(5) |
Dec
(14) |
| 2024 |
Jan
(12) |
Feb
(2) |
Mar
(8) |
Apr
(1) |
May
(6) |
Jun
(6) |
Jul
(24) |
Aug
(15) |
Sep
(1) |
Oct
(6) |
Nov
(20) |
Dec
(14) |
| 2025 |
Jan
(12) |
Feb
(2) |
Mar
(10) |
Apr
(11) |
May
(13) |
Jun
(1) |
Jul
|
Aug
|
Sep
|
Oct
|
Nov
|
Dec
|
|
From: Willem E. <wi...@cl...> - 2017-04-04 07:10:44
|
Thanks, confirmed this solved our issue. On 03/04/17 19:33, Krzysztof Benedyczak wrote: > Willem, > > W dniu 03.04.2017 o 17:25, Willem Elbers pisze: >> Dear Krzysztof, >> >> is it possible to prevent browser from showing the client certificate >> popup when we are not using X.509 certificates for authentication? >> >> As you might know this results in issues for Safari users. > > If you don't use client-cert authN at all then set: > > unityServer.core.httpServer.wantClientAuthn=false > > Note that this is per-server setting. > > Best > Krzysztof -- Willem Elbers CLARIN ERIC www.clarin.eu | tel: +31-(0)85-0091277 | skype: wjm.elbers |
|
From: Sander A. <sa....@fz...> - 2017-04-04 05:48:35
|
Hi Krzysztof,
thanks a lot. I was able to remove internal groups from output.
Best regards,
Sander
Am Montag, den 03.04.2017, 20:32 +0200 schrieb Krzysztof Benedyczak:
> Hi,
>
> W dniu 03.04.2017 o 10:59, Sander Apweiler pisze:
> > Hi Krzysztof,
> >
> > We have some unity subgroups fro internal usage like enquiry forms.
> > Those groups should not provided to SPs. Is is possible to filter
> > elements from groups attribute?
> >
>
> Easy & typical way would be to use subGroups property of the output
> profile to fill the produced groups attribute. If this is not enough
> and
> you need to perform more fancy filtering, then you can do basically
> anything with MVEL.
>
> For instance something like this (not much tested) should produce a
> list
> of groups starting with '/foo/':
>
> ($ in groups if $.startsWith('/foo/'))
>
> and use this as your membership attribute value.
>
> See MVEL docs for more examples. There is also MVEL shell available
> (java -jar mvel-....jar) for easy testing.
>
> Best
> Krzysztof
--
Federated Systems and Data
Juelich Supercomputing Centre
phone: +49 2461 61 8847
fax: +49 2461 61 6656
email: sa....@fz...
-----------------------------------------------------------------------
-----------------------------------------------------------------------
Forschungszentrum Juelich GmbH
52425 Juelich
Sitz der Gesellschaft: Juelich
Eingetragen im Handelsregister des Amtsgerichts Dueren Nr. HR B 3498
Vorsitzender des Aufsichtsrats: MinDir Dr. Karl Eugen Huthmacher
Geschaeftsfuehrung: Prof. Dr.-Ing. Wolfgang Marquardt (Vorsitzender),
Karsten Beneke (stellv. Vorsitzender), Prof. Dr.-Ing. Harald Bolt,
Prof. Dr. Sebastian M. Schmidt
-----------------------------------------------------------------------
----------------------------------------------------------------------- |
|
From: Krzysztof B. <kb...@un...> - 2017-04-03 18:32:33
|
Hi,
W dniu 03.04.2017 o 10:59, Sander Apweiler pisze:
> Hi Krzysztof,
>
> We have some unity subgroups fro internal usage like enquiry forms.
> Those groups should not provided to SPs. Is is possible to filter
> elements from groups attribute?
>
Easy & typical way would be to use subGroups property of the output
profile to fill the produced groups attribute. If this is not enough and
you need to perform more fancy filtering, then you can do basically
anything with MVEL.
For instance something like this (not much tested) should produce a list
of groups starting with '/foo/':
($ in groups if $.startsWith('/foo/'))
and use this as your membership attribute value.
See MVEL docs for more examples. There is also MVEL shell available
(java -jar mvel-....jar) for easy testing.
Best
Krzysztof
|
|
From: Krzysztof B. <kb...@un...> - 2017-04-03 18:01:19
|
Hi Sander, W dniu 03.04.2017 o 09:16, Sander Apweiler pisze: > Hi Krzysztof, > > We got some user feedback and want to solve some points. One point was > that user did not understand the object identifier notation for > attributes used by some of our SP. The user wishes some > information/explanation when they select their attributes to release in > SAML web authentication. Some IdPs/federations require such explanation > and other are planning to require it. > > Is it possible to display some explanation about attributes on the page > where users select their release attributes? Not currently. In general this would require some development and more precise usage requirements from you, as recently I've got other request to make this somehow read only or hidden - details to be clarified still. Any UI requirements? Additional problem is that the attributes being exposed can come from output profile. We would need to implement support for setting descriptions there too. Best, Krzysztof |
|
From: Krzysztof B. <kb...@un...> - 2017-04-03 17:54:28
|
Hi, W dniu 31.03.2017 o 12:20, Sander Apweiler pisze: > Hi Krzysztof, > > We need to provide some additional files like FAQ or DPS together with > unity. In manual I found the config for WebContents directory, but I > was not able to browse to a file which is stored in this directory. > > Is it possible to store files there and provide them with the webserver > used by unity? Yes, but not in an elegant way. Using Unity as a generic web server was not yet considered. So first of all everything in Unity is accessed in a context of some endpoint. There is one special endpoint, always available, which is accessible under /unitygw path. It won't expose arbitrary files to the world from webContents. However it exposes everything that is in VAADIN directory of webContents. So if you add 'test.txt' to webcontents/VAADIN, you can access it from: https://<unity.host.com>/unitgw/VAADIN/test.txt We can add some other directory mapping easily but currently only such trick will work. Best Krzysztof |
|
From: Krzysztof B. <kb...@un...> - 2017-04-03 17:38:27
|
Hi, W dniu 03.04.2017 o 15:52, Willem Elbers pisze: > Hi Krzysztof, > > from what I've understood from Shiraz unity doesn't support refreshing > of OAuth2 tokens. > > I would like to make this a feature request on behalf of EUDAT. > Shiraz is right in this sense that OAuth refresh is not yet supported. We have it somewhere in the plans and I can open a ticket for EUDAT. However before opening can you please confirm that auto extension feature won't work for you? See documentation for this property: extendAccessTokenValidityUpTo Basically if you turn it on you get automatic enhancement of actively used token validity up to certain time. Best Krzysztof |
|
From: Krzysztof B. <kb...@un...> - 2017-04-03 17:33:37
|
Willem, W dniu 03.04.2017 o 17:25, Willem Elbers pisze: > Dear Krzysztof, > > is it possible to prevent browser from showing the client certificate > popup when we are not using X.509 certificates for authentication? > > As you might know this results in issues for Safari users. If you don't use client-cert authN at all then set: unityServer.core.httpServer.wantClientAuthn=false Note that this is per-server setting. Best Krzysztof |
|
From: Willem E. <wi...@cl...> - 2017-04-03 15:25:22
|
Dear Krzysztof, is it possible to prevent browser from showing the client certificate popup when we are not using X.509 certificates for authentication? As you might know this results in issues for Safari users. Best, Willem -- Willem Elbers CLARIN ERIC www.clarin.eu | skype: wjm.elbers |
|
From: Willem E. <wi...@cl...> - 2017-04-03 13:52:11
|
Hi Krzysztof, from what I've understood from Shiraz unity doesn't support refreshing of OAuth2 tokens. I would like to make this a feature request on behalf of EUDAT. Best, Willem -- Willem Elbers CLARIN ERIC www.clarin.eu | skype: wjm.elbers |
|
From: Sander A. <sa....@fz...> - 2017-04-03 09:00:13
|
Hi Krzysztof, We have some unity subgroups fro internal usage like enquiry forms. Those groups should not provided to SPs. Is is possible to filter elements from groups attribute? Best regards, Sander -- Federated Systems and Data Juelich Supercomputing Centre phone: +49 2461 61 8847 fax: +49 2461 61 6656 email: sa....@fz... ----------------------------------------------------------------------- ----------------------------------------------------------------------- Forschungszentrum Juelich GmbH 52425 Juelich Sitz der Gesellschaft: Juelich Eingetragen im Handelsregister des Amtsgerichts Dueren Nr. HR B 3498 Vorsitzender des Aufsichtsrats: MinDir Dr. Karl Eugen Huthmacher Geschaeftsfuehrung: Prof. Dr.-Ing. Wolfgang Marquardt (Vorsitzender), Karsten Beneke (stellv. Vorsitzender), Prof. Dr.-Ing. Harald Bolt, Prof. Dr. Sebastian M. Schmidt ----------------------------------------------------------------------- ----------------------------------------------------------------------- |
|
From: Sander A. <sa....@fz...> - 2017-04-03 07:16:22
|
Hi Krzysztof, We got some user feedback and want to solve some points. One point was that user did not understand the object identifier notation for attributes used by some of our SP. The user wishes some information/explanation when they select their attributes to release in SAML web authentication. Some IdPs/federations require such explanation and other are planning to require it. Is it possible to display some explanation about attributes on the page where users select their release attributes? Best regards, Sander -- Federated Systems and Data Juelich Supercomputing Centre phone: +49 2461 61 8847 fax: +49 2461 61 6656 email: sa....@fz... ----------------------------------------------------------------------- ----------------------------------------------------------------------- Forschungszentrum Juelich GmbH 52425 Juelich Sitz der Gesellschaft: Juelich Eingetragen im Handelsregister des Amtsgerichts Dueren Nr. HR B 3498 Vorsitzender des Aufsichtsrats: MinDir Dr. Karl Eugen Huthmacher Geschaeftsfuehrung: Prof. Dr.-Ing. Wolfgang Marquardt (Vorsitzender), Karsten Beneke (stellv. Vorsitzender), Prof. Dr.-Ing. Harald Bolt, Prof. Dr. Sebastian M. Schmidt ----------------------------------------------------------------------- ----------------------------------------------------------------------- |
|
From: Sander A. <sa....@fz...> - 2017-03-31 10:21:17
|
Hi Krzysztof, We need to provide some additional files like FAQ or DPS together with unity. In manual I found the config for WebContents directory, but I was not able to browse to a file which is stored in this directory. Is it possible to store files there and provide them with the webserver used by unity? Best regards, Sander -- Federated Systems and Data Juelich Supercomputing Centre phone: +49 2461 61 8847 fax: +49 2461 61 6656 email: sa....@fz... ----------------------------------------------------------------------- ----------------------------------------------------------------------- Forschungszentrum Juelich GmbH 52425 Juelich Sitz der Gesellschaft: Juelich Eingetragen im Handelsregister des Amtsgerichts Dueren Nr. HR B 3498 Vorsitzender des Aufsichtsrats: MinDir Dr. Karl Eugen Huthmacher Geschaeftsfuehrung: Prof. Dr.-Ing. Wolfgang Marquardt (Vorsitzender), Karsten Beneke (stellv. Vorsitzender), Prof. Dr.-Ing. Harald Bolt, Prof. Dr. Sebastian M. Schmidt ----------------------------------------------------------------------- ----------------------------------------------------------------------- |
|
From: Willem E. <wi...@cl...> - 2017-03-30 09:08:00
|
Dear Krzysztof, On 28/03/17 23:59, Krzysztof Benedyczak wrote: > W dniu 28.03.2017 o 14:49, Willem Elbers pisze: >> Dear Krzystof, >> >> in addition to this issue, is it possible to change the component user >> to render an attribute in the registration form? >> >> Instead of the combo box it could be nice to use a list component (as >> used in the "attribute types management" attribute type editor). >> >> Or even better a search option which dynamically filters the results. > > I think that the list component is not a good approach - would occupy > a lot of space always, would be quite ugly for couple of say 3-4 > elements enums on reg screen. I agree but what I meant is to make it configurable per enumeration type attribute. For attributes with enumerations with a limit set of value the combo box is perfectly fine. In our case we want to collect country as one of the attributes. This results in a combo box of ~250 values. In this case I would probably prefer the list component, especially because the paging mechanism in the list component is better than in the combo box in my opinion. Again, this makes only sense if it is configurable on a per attribute case. > > I've turned on search/filtering - indeed it was not enabled. So now > you will be able to type to filter the selection in the usual way. > Thanks. > Best, > Krzysztof > > Best, Willem -- Willem Elbers CLARIN ERIC www.clarin.eu | skype: wjm.elbers |
|
From: Krzysztof B. <kb...@un...> - 2017-03-28 21:59:33
|
W dniu 28.03.2017 o 14:49, Willem Elbers pisze: > Dear Krzystof, > > in addition to this issue, is it possible to change the component user > to render an attribute in the registration form? > > Instead of the combo box it could be nice to use a list component (as > used in the "attribute types management" attribute type editor). > > Or even better a search option which dynamically filters the results. I think that the list component is not a good approach - would occupy a lot of space always, would be quite ugly for couple of say 3-4 elements enums on reg screen. I've turned on search/filtering - indeed it was not enabled. So now you will be able to type to filter the selection in the usual way. Best, Krzysztof |
|
From: Krzysztof B. <kb...@un...> - 2017-03-28 21:17:47
|
Dear Willem, W dniu 28.03.2017 o 16:49, Willem Elbers pisze: > Dear Krzysztof, > > we are using account invitations now to import existing users into unity > IDM. > We create the invitations via the REST interface. Our identities are > email based and require confirmation. > > We have noticed that when creating an invitation with a prefilled email > value, with the confirmed option checked (see attached screenshot), > unity is still sending email confirmation messages. > > Is it possible to mark these email addresses as confirmed without > sending the mails to the end users? (We are using the same email address > to send the invitation, so the email address is already confirmed). Yes, however only if you set the prefill mode to anything else than the "Value will be used as a default". If this is set as default this value is only a hint, but it is not treated specially (user can change it) and confirmation state is not preserved. When this is either hidden or presented read-only then the confirmation state should be preserved - the value from invitation is used directly. HTH, Krzysztof |
|
From: Willem E. <wi...@cl...> - 2017-03-28 14:49:52
|
Dear Krzysztof, we are using account invitations now to import existing users into unity IDM. We create the invitations via the REST interface. Our identities are email based and require confirmation. We have noticed that when creating an invitation with a prefilled email value, with the confirmed option checked (see attached screenshot), unity is still sending email confirmation messages. Is it possible to mark these email addresses as confirmed without sending the mails to the end users? (We are using the same email address to send the invitation, so the email address is already confirmed). Best, Willem -- Willem Elbers CLARIN ERIC www.clarin.eu | tel: +31-(0)85-0091277 | skype: wjm.elbers |
|
From: Willem E. <wi...@cl...> - 2017-03-28 12:49:27
|
Dear Krzystof, in addition to this issue, is it possible to change the component user to render an attribute in the registration form? Instead of the combo box it could be nice to use a list component (as used in the "attribute types management" attribute type editor). Or even better a search option which dynamically filters the results. Best, Willem On 28/03/17 10:08, Willem Elbers wrote: > Dear Krzysztof, > > We've observed this in drop down lists (based on enumerated attributes) > in the account registration form. > > Best, > > Willem > > > On 27/03/17 23:16, Krzysztof Benedyczak wrote: >> Dear Willem, >> >> W dniu 27.03.2017 o 10:48, Willem Elbers pisze: >>> Dear Krzysztof, >>> >>> currently values in an enumeration seems to be displayed randomly (not >>> alphabetical and also not in order of addition). >>> >>> Is it possible to display these values in some sorted way? Preferably >>> alpabetical. >> Sure we can improve this, but can you please be more precise - where >> is this issue? >> >> Cheers, >> Krzysztof >> -- Willem Elbers CLARIN ERIC www.clarin.eu | tel: +31-(0)85-0091277 | skype: wjm.elbers |
|
From: Willem E. <wi...@cl...> - 2017-03-28 08:10:00
|
Dear Krzysztof, this is not high priority. We can switch to plain text emails for now. However it is a nice to have. Best, Willem On 27/03/17 23:13, Krzysztof Benedyczak wrote: > Hi Willem, > > W dniu 24.03.2017 o 10:45, Willem Elbers pisze: >> Dear Krzysztof, >> >> is it possible to change the email content encoding (Content-Type >> header) for the email notification channel to "text/html" (instead of >> the default "text/plain")? > > Unfortunately not. I can open a FR about this if this is an important > issue, however this is bit bigger work then other things you reported. > > Best, > Krzysztof -- Willem Elbers CLARIN ERIC www.clarin.eu | tel: +31-(0)85-0091277 | skype: wjm.elbers |
|
From: Willem E. <wi...@cl...> - 2017-03-28 08:08:54
|
Dear Krzysztof, We've observed this in drop down lists (based on enumerated attributes) in the account registration form. Best, Willem On 27/03/17 23:16, Krzysztof Benedyczak wrote: > Dear Willem, > > W dniu 27.03.2017 o 10:48, Willem Elbers pisze: >> Dear Krzysztof, >> >> currently values in an enumeration seems to be displayed randomly (not >> alphabetical and also not in order of addition). >> >> Is it possible to display these values in some sorted way? Preferably >> alpabetical. > > Sure we can improve this, but can you please be more precise - where > is this issue? > > Cheers, > Krzysztof > -- Willem Elbers CLARIN ERIC www.clarin.eu | tel: +31-(0)85-0091277 | skype: wjm.elbers |
|
From: Krzysztof B. <kb...@un...> - 2017-03-27 21:16:53
|
Dear Willem, W dniu 27.03.2017 o 10:48, Willem Elbers pisze: > Dear Krzysztof, > > currently values in an enumeration seems to be displayed randomly (not > alphabetical and also not in order of addition). > > Is it possible to display these values in some sorted way? Preferably > alpabetical. Sure we can improve this, but can you please be more precise - where is this issue? Cheers, Krzysztof |
|
From: Krzysztof B. <kb...@un...> - 2017-03-27 21:13:26
|
Hi Willem, W dniu 24.03.2017 o 11:03, Willem Elbers pisze: > Hi Krzysztof, > > we have observed an issue with the display of html added to the > description of a password credential definition in the credential > management section of /home/home, see the attached image. > > This is the case while using "unityServer.core.allowFullHtml=true", > which does work in other parts of the UI. > > Related to this issue (we try to explain the password requirements with > a html list <ul></ul>); is it possible to have an indication of the > password requirements in the screens where a user has to set / update a > password? If not, this would be a feature request. Yeah, it is not working as expected - or better said - not in consistent way as for registration form asking about credential properly interprets HTML (assuming allowFullHtml=true). I've opened a ticket about this - it is trivial to fix. Seems that only 2 places are affected: RO credential view in Admin UI + the aforementioned HomeUI screen. Thanks, Krzysztof |
|
From: Krzysztof B. <kb...@un...> - 2017-03-27 21:13:20
|
W dniu 24.03.2017 o 10:43, Willem Elbers pisze: > While testing this can work, for real user accounts this is not really a > nice work around. OK, opened a FR about this. At least for identities this might be handy in Admin UI (and is easy to add). Best, Krzysztof |
|
From: Krzysztof B. <kb...@un...> - 2017-03-27 21:13:16
|
Hi Willem, W dniu 24.03.2017 o 10:45, Willem Elbers pisze: > Dear Krzysztof, > > is it possible to change the email content encoding (Content-Type > header) for the email notification channel to "text/html" (instead of > the default "text/plain")? Unfortunately not. I can open a FR about this if this is an important issue, however this is bit bigger work then other things you reported. Best, Krzysztof |
|
From: Willem E. <wi...@cl...> - 2017-03-27 08:48:54
|
Dear Krzysztof, currently values in an enumeration seems to be displayed randomly (not alphabetical and also not in order of addition). Is it possible to display these values in some sorted way? Preferably alpabetical. Best, Willem -- Willem Elbers CLARIN ERIC www.clarin.eu | tel: +31-(0)85-0091277 | skype: wjm.elbers |
|
From: Willem E. <wi...@cl...> - 2017-03-24 10:03:32
|
Hi Krzysztof, we have observed an issue with the display of html added to the description of a password credential definition in the credential management section of /home/home, see the attached image. This is the case while using "unityServer.core.allowFullHtml=true", which does work in other parts of the UI. Related to this issue (we try to explain the password requirements with a html list <ul></ul>); is it possible to have an indication of the password requirements in the screens where a user has to set / update a password? If not, this would be a feature request. Best, Willem -- Willem Elbers CLARIN ERIC www.clarin.eu | skype: wjm.elbers |
