Menu
▾
▴
unity-idm-discuss — Unity discussion and support
You can subscribe to this list here.
| 2014 |
Jan
(3) |
Feb
(1) |
Mar
|
Apr
(1) |
May
|
Jun
|
Jul
(2) |
Aug
(2) |
Sep
|
Oct
(3) |
Nov
|
Dec
(1) |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 2015 |
Jan
(20) |
Feb
(3) |
Mar
|
Apr
|
May
|
Jun
(15) |
Jul
(1) |
Aug
(7) |
Sep
(13) |
Oct
(2) |
Nov
(10) |
Dec
(1) |
| 2016 |
Jan
|
Feb
(2) |
Mar
|
Apr
(2) |
May
(1) |
Jun
|
Jul
(1) |
Aug
(2) |
Sep
(11) |
Oct
(7) |
Nov
(6) |
Dec
(11) |
| 2017 |
Jan
(10) |
Feb
(5) |
Mar
(27) |
Apr
(34) |
May
(25) |
Jun
(14) |
Jul
(7) |
Aug
(17) |
Sep
(11) |
Oct
(6) |
Nov
(14) |
Dec
(10) |
| 2018 |
Jan
(8) |
Feb
(19) |
Mar
(40) |
Apr
(9) |
May
(16) |
Jun
(23) |
Jul
(31) |
Aug
(7) |
Sep
(9) |
Oct
(6) |
Nov
(14) |
Dec
(19) |
| 2019 |
Jan
(4) |
Feb
(6) |
Mar
(1) |
Apr
(2) |
May
(6) |
Jun
(3) |
Jul
|
Aug
|
Sep
|
Oct
(2) |
Nov
(19) |
Dec
(14) |
| 2020 |
Jan
(10) |
Feb
(24) |
Mar
(49) |
Apr
(26) |
May
(12) |
Jun
(4) |
Jul
(13) |
Aug
(32) |
Sep
(13) |
Oct
(10) |
Nov
(4) |
Dec
(16) |
| 2021 |
Jan
(2) |
Feb
(8) |
Mar
(15) |
Apr
(19) |
May
(5) |
Jun
(13) |
Jul
(6) |
Aug
(38) |
Sep
(11) |
Oct
(18) |
Nov
(11) |
Dec
(13) |
| 2022 |
Jan
(10) |
Feb
(21) |
Mar
(28) |
Apr
(3) |
May
(7) |
Jun
(9) |
Jul
(14) |
Aug
(13) |
Sep
(8) |
Oct
(29) |
Nov
(1) |
Dec
(21) |
| 2023 |
Jan
(19) |
Feb
(9) |
Mar
|
Apr
(10) |
May
(7) |
Jun
(10) |
Jul
(14) |
Aug
(17) |
Sep
(1) |
Oct
(9) |
Nov
(5) |
Dec
(14) |
| 2024 |
Jan
(12) |
Feb
(2) |
Mar
(8) |
Apr
(1) |
May
(6) |
Jun
(6) |
Jul
(24) |
Aug
(15) |
Sep
(1) |
Oct
(6) |
Nov
(20) |
Dec
(14) |
| 2025 |
Jan
(12) |
Feb
(2) |
Mar
(10) |
Apr
(11) |
May
(13) |
Jun
(1) |
Jul
(2) |
Aug
(2) |
Sep
(8) |
Oct
|
Nov
|
Dec
|
|
From: Jan W. <J.W...@cw...> - 2016-12-15 15:04:15
|
Hi, I'm completely new to Unity. I'm trying to setup an experimental server, first using an oauth2 client. Setting up Unity itself is easy :) I minimally edited oauth2-as.properties, changed issuerUri and usersGroup: unity.oauth2.as.issuerUri=https://woezel.ia.cwi.nl:2443/oauth2 unity.oauth2.as.usersGroup=/ I have added a client to /oauth-clients as a new entity using 'identifier' "swish@turin", adding attributes sys:oauth:groupForClient=/ sys:oauth:allowedReturnURI=https://turin.ia.cwi.nl:1443/oauth2-reply sys:oauth:allowedGrantFlows=authorizationCode According to "Server management" tab, UNITY OAuth2 Authorization Server: Context address: /oauth2-as So, I redirect to https://woezel.ia.cwi.nl:2443/oauth2-as?response_type=code&client_id=swish@turin&redirect_uri=https%3A//turin.ia.cwi.nl%3A1443/oauth2-reply&scope=profile This causes the browser to redirect to (not the "as/") https://woezel.ia.cwi.nl:2443/oauth2-as/?response_type=code&client_id=swish@turin&redirect_uri=https%3A//turin.ia.cwi.nl%3A1443/oauth2-reply&scope=profile which returns 404 :( Note that both Unity and the target client use self-signed SSL certificates (although I don't think that matters). What am I missing? Thanks --- Jan |
|
From: Krzysztof B. <kb...@un...> - 2016-11-29 17:27:07
|
Hi Shiraz,
W dniu 28.11.2016 o 16:19, Shiraz Memon pisze:
> Hi,
>
> Is it possible to query for entity attributes
> (/rest-admin/v1/entity/{entity-id}/attributes) based on the admin.
> defined output translation profiles? Currently only the system defined
> attributes (from attribute schema) are returned through the rest admin
> interface.
> This is however not the case while querying for the attributes through
> /userinfo or saml (esp. soap) endpoints.
No there is no such option. This is longer story: output profile is very
much dependent on the endpoint's (or actually IdP endpoint)
configuration. Oauth/SAML endpoint provides quite a lot of context as
the profile's input.
REST admin endpoint is on the other hand administrative utility.
We can think however about some debug facility as it was done for input
profiles.
Cheers,
Krzysztof
|
|
From: Shiraz M. <a....@fz...> - 2016-11-28 15:19:33
|
Hi,
Is it possible to query for entity attributes (/rest-admin/v1/entity/{entity-id}/attributes) based on the admin. defined output translation profiles? Currently only the system defined attributes (from attribute schema) are returned through the rest admin interface.
This is however not the case while querying for the attributes through /userinfo or saml (esp. soap) endpoints.
Thanks,
Shiraz
--
Shiraz Memon
Federated Systems and Data
Jülich Supercomputing Centre (JSC)
Phone: +49 2461 61 6899
Fax: +49 2461 61 6656
------------------------------------------------------------------------------------------------
------------------------------------------------------------------------------------------------
Forschungszentrum Juelich GmbH
52425 Juelich
Sitz der Gesellschaft: Juelich
Eingetragen im Handelsregister des Amtsgerichts Dueren Nr. HR B 3498
Vorsitzender des Aufsichtsrats: MinDir Dr. Karl Eugen Huthmacher
Geschaeftsfuehrung: Prof. Dr.-Ing. Wolfgang Marquardt (Vorsitzender),
Karsten Beneke (stellv. Vorsitzender), Prof. Dr.-Ing. Harald Bolt,
Prof. Dr. Sebastian M. Schmidt
------------------------------------------------------------------------------------------------
------------------------------------------------------------------------------------------------
|
|
From: Krzysztof B. <kb...@un...> - 2016-11-26 12:08:45
|
Hi Sander, W dniu 25.11.2016 o 10:28, Sander Apweiler pisze: > Hi, > > we need/want to use email singed by X.509 for notifications from unity. > I didn't find some information in manual and Javax-mail documentation. > I know a javamail-crypto lib exists but it seems to me that it is not > used in unity. > > Is email signature supported by unity? If not are there plans for > implementation? Nothing so far - you are the first one even mentioning it :-) This is a quite rare requirement, no many people (I mean "real" people, not IT-ones) have orientation in what is a signed email (especially as everybody receives unsigned ones and no one cares). And also many cheap certificates do not allow for signing emails in their policy (contrary to working as a server TLS cert). But if this is something very needed for you, please fill a ticket. It can be implemented using the bouncy castle lib - requires bit of additional email config and bit of code to sign. Cheers, Krzysztof |
|
From: Sander A. <sa....@fz...> - 2016-11-25 09:31:43
|
Hi, we need/want to use email singed by X.509 for notifications from unity. I didn't find some information in manual and Javax-mail documentation. I know a javamail-crypto lib exists but it seems to me that it is not used in unity. Is email signature supported by unity? If not are there plans for implementation? Best regards, Sander ------------------------------------------------------------------------------------------------ ------------------------------------------------------------------------------------------------ Forschungszentrum Juelich GmbH 52425 Juelich Sitz der Gesellschaft: Juelich Eingetragen im Handelsregister des Amtsgerichts Dueren Nr. HR B 3498 Vorsitzender des Aufsichtsrats: MinDir Dr. Karl Eugen Huthmacher Geschaeftsfuehrung: Prof. Dr.-Ing. Wolfgang Marquardt (Vorsitzender), Karsten Beneke (stellv. Vorsitzender), Prof. Dr.-Ing. Harald Bolt, Prof. Dr. Sebastian M. Schmidt ------------------------------------------------------------------------------------------------ ------------------------------------------------------------------------------------------------ |
|
From: Krzysztof B. <kb...@un...> - 2016-11-13 16:23:00
|
Hi Sander, W dniu 09.11.2016 o 15:55, Sander Apweiler pisze: > Hi Krzysztof, > > I copied the attribute values with REST API to a new one. After updating > registration forms, translation profiles and config to the new attribute > I found some problems or maybe bugs. > > 1) The old attribute named email and the new attribute named mail are > stored in Unity. The following output translation profile is used for SPs: > Condition: true > Action: createAttribute > attributeName: email > expression: attr['mail'] > > If this translation profile is used, Unity ignores the expression and > send the value of the attribute "email" to the client. If there is no > attribute named email, the expression works. Yes, this is an expected behavior: createAttribute action is skipped if its attribute already exists. If you set logging level for translation to TRACE then you get the explicit message about this happening in log. As this was misleading for you I'm increasing the log level to: DEBUG. Solution for your problem is to put (before the createAttribute rule) filterAttribute action, which removes the original 'email' attribute. > 2) SAML clients can't use verifiableEmail attributes. I got an error > from an SAML client because Unity sends within the response the > following status: > <urn:Status> > <urn:StatusCode > Value="urn:oasis:names:tc:SAML:2.0:status:Responder" /> > <urn:StatusMessage>pl.edu.icm.unity.types.basic.VerifiableEmail > cannot be cast to java.lang.String</urn:StatusMessage> > </urn:Status> > > So it seems that Unity can't cast the VerifiableEmail attribute in SAML > context. For Oauth it works fine. Very bad is that unity logfiles has no > errors. If I have a look in it, it seems that everything was fine. I agree, this clearly signals some bug. In principle Unity should never cast its internal attribute value to SAML value, it should use a configured encoder. Of course there is such encoder for emails, and it is tested that this feature is working, i.e. I get SAML responses with emails in them. Said so: can you please more details about a setup where I can reproduce this problem? If you could send me the complete config of SAML idp endpoint + profile is used then would be great. > 3) In input translation profiles we use effect = CREATE_OR_UPDATE for > attribute mapping. If you use this effect for verifiableEmail the user > receives a confirmation email after every login (although the email > address was confirmed). I would expect that it is send once at > registration and a new confirmation mail is send if the email address > has changed. Well, this is bit tricky. The behavior is that Unity sets the email to unconfirmed after each login, because this is how you have configured your profile. And in effect you have confirmation request sent always. In the majority of cases, when authN is delegated to external service, it can be trusted that the provided email was verified and local re-verification by unity should be skipped at all. You can achieve this by adding a constant suffix "[CONFIRMED]" to attribute value in your profile's expression - see section 7.4.4 in manual. I hope this is solving your issues. However, if you want to do exactly as you wrote, i.e. verify the externally provided email with Unity, and re-do verification if email changes, then we need an extra feature. The problem is that unity must also allow for setting email attribute state from profile (some of OAuth services provide email verification status as a separate attribute). And this feature would become broken if your suggestion is simply implemented. THerefore if you need exactly such behavior please write, I'll think about some smart way to configure profile to act in such way. Best, Krzysztof |
|
From: Sander A. <sa....@fz...> - 2016-11-09 14:57:36
|
Hi Krzysztof,
I copied the attribute values with REST API to a new one. After updating registration forms, translation profiles and config to the new attribute I found some problems or maybe bugs.
1) The old attribute named email and the new attribute named mail are stored in Unity. The following output translation profile is used for SPs:
Condition: true
Action: createAttribute
attributeName: email
expression: attr['mail']
If this translation profile is used, Unity ignores the expression and send the value of the attribute "email" to the client. If there is no attribute named email, the expression works.
2) SAML clients can't use verifiableEmail attributes. I got an error from an SAML client because Unity sends within the response the following status:
<urn:Status>
<urn:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Responder" />
<urn:StatusMessage>pl.edu.icm.unity.types.basic.VerifiableEmail cannot be cast to java.lang.String</urn:StatusMessage>
</urn:Status>
So it seems that Unity can't cast the VerifiableEmail attribute in SAML context. For Oauth it works fine. Very bad is that unity logfiles has no errors. If I have a look in it, it seems that everything was fine.
3) In input translation profiles we use effect = CREATE_OR_UPDATE for attribute mapping. If you use this effect for verifiableEmail the user receives a confirmation email after every login (although the email address was confirmed). I would expect that it is send once at registration and a new confirmation mail is send if the email address has changed.
Do you know this problems?
Best regards,
Sander
Am Freitag, den 21.10.2016, 11:17 +0200 schrieb Krzysztof Benedyczak:
Hi Sander,
W dniu 20.10.2016 o 12:44, Sander Apweiler pisze:
Hi,
I want to change the value type of email attribute from string into
verifiableEmail. When I submit the changes I got an error that at least
one attribute is in conflict with it. The stack trace from log file is
attached. Has anyone a hint for me?
Unfortunately this direction is not easy. verifiableEmail holds a
complex information as attribute values. Usually you see only the sole
email value, but it is also stored whether it was confirmed, when, how
many confirmation requests were sent. Therefore simple upcasting of
String to vEmail won't work.
One approach would be to create a new verifiableEmail-type attribute and
use REST API to transform. It should be also possible to create a JSON
dump, tweak it and reimport, but this is really fragile operation,
requiring good testing on a test instance...
If you don't mind waiting you can open a ticket for this - we can
implement better special handling for attribute type changes: if the
current approach of basic type cast does not work, we can try to perform
export to text representation and parse it. Of course such fallback can
loose some information but should work in the typical cases.
Best,
Krzysztof
------------------------------------------------------------------------------------------------
------------------------------------------------------------------------------------------------
Forschungszentrum Juelich GmbH
52425 Juelich
Sitz der Gesellschaft: Juelich
Eingetragen im Handelsregister des Amtsgerichts Dueren Nr. HR B 3498
Vorsitzender des Aufsichtsrats: MinDir Dr. Karl Eugen Huthmacher
Geschaeftsfuehrung: Prof. Dr.-Ing. Wolfgang Marquardt (Vorsitzender),
Karsten Beneke (stellv. Vorsitzender), Prof. Dr.-Ing. Harald Bolt,
Prof. Dr. Sebastian M. Schmidt
------------------------------------------------------------------------------------------------
------------------------------------------------------------------------------------------------
|
|
From: Sander A. <sa....@fz...> - 2016-10-27 12:55:34
|
Hi Krzysztof, thank you very much. Now it works fine. Best regards, Sander Am Donnerstag, den 27.10.2016, 13:51 +0200 schrieb Krzysztof Benedyczak: > W dniu 27.10.2016 o 11:57, Sander Apweiler pisze: > > Hi Krzysztof, > > > > Am Donnerstag, den 27.10.2016, 10:48 +0200 schrieb Krzysztof > > Benedyczak: > > > Hi Sander, > > > > > > W dniu 27.10.2016 o 10:38, Sander Apweiler pisze: > > > > Hi Krzysztof, > > > > > > > > thanks for the information. Copy the values with REST API is > > > > working > > > > fin for me. Is there a possibility to get a list of all used > > > > entity > > > > ids > > > > via REST API? I'm working on an script which copy the attribute > > > > for > > > > all > > > > users and I want to avoid a long for loop with status code > > > > check. > > > > > > What do you mean by "all used entity ids"? Just all entities > > > which > > > are > > > in the system? If so then get all members of the root group - > > > this > > > is > > > the complete list. > > > > yes that is what I want. But how could I queue the root group? I > > tried > > - .../group > > - .../group/ > > - .../group// > > All has a 404 error. Queue a subgroup was no problem. > > root is just / > You may need to do percent encoding of the value. ------------------------------------------------------------------------------------------------ ------------------------------------------------------------------------------------------------ Forschungszentrum Juelich GmbH 52425 Juelich Sitz der Gesellschaft: Juelich Eingetragen im Handelsregister des Amtsgerichts Dueren Nr. HR B 3498 Vorsitzender des Aufsichtsrats: MinDir Dr. Karl Eugen Huthmacher Geschaeftsfuehrung: Prof. Dr.-Ing. Wolfgang Marquardt (Vorsitzender), Karsten Beneke (stellv. Vorsitzender), Prof. Dr.-Ing. Harald Bolt, Prof. Dr. Sebastian M. Schmidt ------------------------------------------------------------------------------------------------ ------------------------------------------------------------------------------------------------ |
|
From: Krzysztof B. <kb...@un...> - 2016-10-27 11:52:08
|
W dniu 27.10.2016 o 11:57, Sander Apweiler pisze: > Hi Krzysztof, > > Am Donnerstag, den 27.10.2016, 10:48 +0200 schrieb Krzysztof > Benedyczak: >> Hi Sander, >> >> W dniu 27.10.2016 o 10:38, Sander Apweiler pisze: >>> Hi Krzysztof, >>> >>> thanks for the information. Copy the values with REST API is >>> working >>> fin for me. Is there a possibility to get a list of all used entity >>> ids >>> via REST API? I'm working on an script which copy the attribute for >>> all >>> users and I want to avoid a long for loop with status code check. >> >> What do you mean by "all used entity ids"? Just all entities which >> are >> in the system? If so then get all members of the root group - this >> is >> the complete list. > yes that is what I want. But how could I queue the root group? I tried > - .../group > - .../group/ > - .../group// > All has a 404 error. Queue a subgroup was no problem. root is just / You may need to do percent encoding of the value. |
|
From: Sander A. <sa....@fz...> - 2016-10-27 09:57:54
|
Hi Krzysztof, Am Donnerstag, den 27.10.2016, 10:48 +0200 schrieb Krzysztof Benedyczak: > Hi Sander, > > W dniu 27.10.2016 o 10:38, Sander Apweiler pisze: > > Hi Krzysztof, > > > > thanks for the information. Copy the values with REST API is > > working > > fin for me. Is there a possibility to get a list of all used entity > > ids > > via REST API? I'm working on an script which copy the attribute for > > all > > users and I want to avoid a long for loop with status code check. > > What do you mean by "all used entity ids"? Just all entities which > are > in the system? If so then get all members of the root group - this > is > the complete list. yes that is what I want. But how could I queue the root group? I tried - .../group - .../group/ - .../group// All has a 404 error. Queue a subgroup was no problem. Best regards, Sander > > Best > Krzysztof > > ------------------------------------------------------------------------------------------------ ------------------------------------------------------------------------------------------------ Forschungszentrum Juelich GmbH 52425 Juelich Sitz der Gesellschaft: Juelich Eingetragen im Handelsregister des Amtsgerichts Dueren Nr. HR B 3498 Vorsitzender des Aufsichtsrats: MinDir Dr. Karl Eugen Huthmacher Geschaeftsfuehrung: Prof. Dr.-Ing. Wolfgang Marquardt (Vorsitzender), Karsten Beneke (stellv. Vorsitzender), Prof. Dr.-Ing. Harald Bolt, Prof. Dr. Sebastian M. Schmidt ------------------------------------------------------------------------------------------------ ------------------------------------------------------------------------------------------------ |
|
From: Krzysztof B. <kb...@un...> - 2016-10-27 08:49:17
|
Hi Sander, W dniu 27.10.2016 o 10:38, Sander Apweiler pisze: > Hi Krzysztof, > > thanks for the information. Copy the values with REST API is working > fin for me. Is there a possibility to get a list of all used entity ids > via REST API? I'm working on an script which copy the attribute for all > users and I want to avoid a long for loop with status code check. What do you mean by "all used entity ids"? Just all entities which are in the system? If so then get all members of the root group - this is the complete list. Best Krzysztof |
|
From: Sander A. <sa....@fz...> - 2016-10-27 08:39:30
|
Hi Krzysztof, thanks for the information. Copy the values with REST API is working fin for me. Is there a possibility to get a list of all used entity ids via REST API? I'm working on an script which copy the attribute for all users and I want to avoid a long for loop with status code check. Best regards, Sander Am Freitag, den 21.10.2016, 11:17 +0200 schrieb Krzysztof Benedyczak: > Hi Sander, > > W dniu 20.10.2016 o 12:44, Sander Apweiler pisze: > > Hi, > > > > I want to change the value type of email attribute from string into > > verifiableEmail. When I submit the changes I got an error that at > > least > > one attribute is in conflict with it. The stack trace from log file > > is > > attached. Has anyone a hint for me? > > > > Unfortunately this direction is not easy. verifiableEmail holds a > complex information as attribute values. Usually you see only the > sole > email value, but it is also stored whether it was confirmed, when, > how > many confirmation requests were sent. Therefore simple upcasting of > String to vEmail won't work. > > One approach would be to create a new verifiableEmail-type attribute > and > use REST API to transform. It should be also possible to create a > JSON > dump, tweak it and reimport, but this is really fragile operation, > requiring good testing on a test instance... > > If you don't mind waiting you can open a ticket for this - we can > implement better special handling for attribute type changes: if the > current approach of basic type cast does not work, we can try to > perform > export to text representation and parse it. Of course such fallback > can > loose some information but should work in the typical cases. > > Best, > Krzysztof ------------------------------------------------------------------------------------------------ ------------------------------------------------------------------------------------------------ Forschungszentrum Juelich GmbH 52425 Juelich Sitz der Gesellschaft: Juelich Eingetragen im Handelsregister des Amtsgerichts Dueren Nr. HR B 3498 Vorsitzender des Aufsichtsrats: MinDir Dr. Karl Eugen Huthmacher Geschaeftsfuehrung: Prof. Dr.-Ing. Wolfgang Marquardt (Vorsitzender), Karsten Beneke (stellv. Vorsitzender), Prof. Dr.-Ing. Harald Bolt, Prof. Dr. Sebastian M. Schmidt ------------------------------------------------------------------------------------------------ ------------------------------------------------------------------------------------------------ |
|
From: Krzysztof B. <kb...@un...> - 2016-10-21 09:17:11
|
Hi Sander, W dniu 20.10.2016 o 12:44, Sander Apweiler pisze: > Hi, > > I want to change the value type of email attribute from string into > verifiableEmail. When I submit the changes I got an error that at least > one attribute is in conflict with it. The stack trace from log file is > attached. Has anyone a hint for me? > Unfortunately this direction is not easy. verifiableEmail holds a complex information as attribute values. Usually you see only the sole email value, but it is also stored whether it was confirmed, when, how many confirmation requests were sent. Therefore simple upcasting of String to vEmail won't work. One approach would be to create a new verifiableEmail-type attribute and use REST API to transform. It should be also possible to create a JSON dump, tweak it and reimport, but this is really fragile operation, requiring good testing on a test instance... If you don't mind waiting you can open a ticket for this - we can implement better special handling for attribute type changes: if the current approach of basic type cast does not work, we can try to perform export to text representation and parse it. Of course such fallback can loose some information but should work in the typical cases. Best, Krzysztof |
|
From: Sander A. <sa....@fz...> - 2016-10-20 10:44:50
|
Hi, I want to change the value type of email attribute from string into verifiableEmail. When I submit the changes I got an error that at least one attribute is in conflict with it. The stack trace from log file is attached. Has anyone a hint for me? Best regards, Sander ------------------------------------------------------------------------------------------------ ------------------------------------------------------------------------------------------------ Forschungszentrum Juelich GmbH 52425 Juelich Sitz der Gesellschaft: Juelich Eingetragen im Handelsregister des Amtsgerichts Dueren Nr. HR B 3498 Vorsitzender des Aufsichtsrats: MinDir Dr. Karl Eugen Huthmacher Geschaeftsfuehrung: Prof. Dr.-Ing. Wolfgang Marquardt (Vorsitzender), Karsten Beneke (stellv. Vorsitzender), Prof. Dr.-Ing. Harald Bolt, Prof. Dr. Sebastian M. Schmidt ------------------------------------------------------------------------------------------------ ------------------------------------------------------------------------------------------------ |
|
From: Krzysztof B. <kb...@un...> - 2016-09-16 11:32:44
|
Hi Shiraz, W dniu 16.09.2016 o 12:14, Shiraz Memon pisze: > Hi, > > I am running v1.9.3. Whenever I (re)start the server, following error > appears in the startup log file. However I am able to access the Web UI. > org.apache.ibatis.exceptions.PersistenceException: > ### Error querying database. Cause: org.h2.jdbc.JdbcSQLException: Table > "EVENTS_QUEUE" not found; SQL statement: Yes you can safely ignore it. The local database (which is causing this error) is not effectively used and was already removed for the 2.0 version. To fix error: likely the *local* H2 database (as configured in unityServer.conf, pay attention not to mix it with your primary contents database) schema is corrupted. You can remove it, should be recreated after the next restart. HTH, Krzysztof |
|
From: Shiraz M. <a....@fz...> - 2016-09-16 10:15:27
|
Hi,
I am running v1.9.3. Whenever I (re)start the server, following error appears in the startup log file. However I am able to access the Web UI.
Sep 16, 2016 12:01:20 PM CEST: Starting UNITY Web Server
Sep 16, 2016 12:02:01 PM CEST: UNITY Server Started
Exception in thread "Thread-3" org.apache.ibatis.exceptions.PersistenceException:
### Error querying database. Cause: org.h2.jdbc.JdbcSQLException: Table "EVENTS_QUEUE" not found; SQL statement:
SELECT * FROM EVENTS_QUEUE WHERE NEXT_PROCESSING < ? [42102-191]
### The error may exist in pl/edu/icm/unity/db/mapper-local/Events.xml
### The error may involve pl.edu.icm.unity.db.mapper.local.EventsMapper.selectEventsForProcessing
### The error occurred while executing a query
### SQL: SELECT * FROM EVENTS_QUEUE WHERE NEXT_PROCESSING < ?
### Cause: org.h2.jdbc.JdbcSQLException: Table "EVENTS_QUEUE" not found; SQL statement:
SELECT * FROM EVENTS_QUEUE WHERE NEXT_PROCESSING < ? [42102-191]
at org.apache.ibatis.exceptions.ExceptionFactory.wrapException(ExceptionFactory.java:30)
at org.apache.ibatis.session.defaults.DefaultSqlSession.selectList(DefaultSqlSession.java:122)
at org.apache.ibatis.session.defaults.DefaultSqlSession.selectList(DefaultSqlSession.java:113)
at org.apache.ibatis.binding.MapperMethod.executeForMany(MapperMethod.java:122)
at org.apache.ibatis.binding.MapperMethod.execute(MapperMethod.java:64)
at org.apache.ibatis.binding.MapperProxy.invoke(MapperProxy.java:53)
at com.sun.proxy.$Proxy97.selectEventsForProcessing(Unknown Source)
at pl.edu.icm.unity.db.DBEvents.getEventsForProcessing(DBEvents.java:96)
at pl.edu.icm.unity.engine.events.EventsProcessingThread.run(EventsProcessingThread.java:48)
Caused by: org.h2.jdbc.JdbcSQLException: Table "EVENTS_QUEUE" not found; SQL statement:
SELECT * FROM EVENTS_QUEUE WHERE NEXT_PROCESSING < ? [42102-191]
at org.h2.message.DbException.getJdbcSQLException(DbException.java:345)
at org.h2.message.DbException.get(DbException.java:179)
at org.h2.message.DbException.get(DbException.java:155)
at org.h2.command.Parser.readTableOrView(Parser.java:5349)
at org.h2.command.Parser.readTableFilter(Parser.java:1245)
at org.h2.command.Parser.parseSelectSimpleFromPart(Parser.java:1884)
at org.h2.command.Parser.parseSelectSimple(Parser.java:2032)
at org.h2.command.Parser.parseSelectSub(Parser.java:1878)
at org.h2.command.Parser.parseSelectUnion(Parser.java:1699)
at org.h2.command.Parser.parseSelect(Parser.java:1687)
at org.h2.command.Parser.parsePrepared(Parser.java:443)
at org.h2.command.Parser.parse(Parser.java:315)
at org.h2.command.Parser.parse(Parser.java:287)
at org.h2.command.Parser.prepareCommand(Parser.java:252)
at org.h2.engine.Session.prepareLocal(Session.java:560)
at org.h2.engine.Session.prepareCommand(Session.java:501)
at org.h2.jdbc.JdbcConnection.prepareCommand(JdbcConnection.java:1188)
at org.h2.jdbc.JdbcPreparedStatement.<init>(JdbcPreparedStatement.java:73)
at org.h2.jdbc.JdbcConnection.prepareStatement(JdbcConnection.java:276)
at sun.reflect.GeneratedMethodAccessor22.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:498)
at org.apache.ibatis.datasource.pooled.PooledConnection.invoke(PooledConnection.java:245)
at com.sun.proxy.$Proxy28.prepareStatement(Unknown Source)
at org.apache.ibatis.executor.statement.PreparedStatementHandler.instantiateStatement(PreparedStatementHandler.java:79)
at org.apache.ibatis.executor.statement.BaseStatementHandler.prepare(BaseStatementHandler.java:88)
at org.apache.ibatis.executor.statement.RoutingStatementHandler.prepare(RoutingStatementHandler.java:58)
at org.apache.ibatis.executor.SimpleExecutor.prepareStatement(SimpleExecutor.java:76)
at org.apache.ibatis.executor.SimpleExecutor.doQuery(SimpleExecutor.java:61)
at org.apache.ibatis.executor.BaseExecutor.queryFromDatabase(BaseExecutor.java:303)
at org.apache.ibatis.executor.BaseExecutor.query(BaseExecutor.java:154)
at org.apache.ibatis.executor.CachingExecutor.query(CachingExecutor.java:102)
at org.apache.ibatis.executor.CachingExecutor.query(CachingExecutor.java:82)
at org.apache.ibatis.session.defaults.DefaultSqlSession.selectList(DefaultSqlSession.java:120
Should I ignore this error?
Cheers,
Shiraz
--
Shiraz Memon
Federated Systems and Data
Jülich Supercomputing Centre (JSC)
Phone: +49 2461 61 6899
Fax: +49 2461 61 6656
------------------------------------------------------------------------------------------------
------------------------------------------------------------------------------------------------
Forschungszentrum Juelich GmbH
52425 Juelich
Sitz der Gesellschaft: Juelich
Eingetragen im Handelsregister des Amtsgerichts Dueren Nr. HR B 3498
Vorsitzender des Aufsichtsrats: MinDir Dr. Karl Eugen Huthmacher
Geschaeftsfuehrung: Prof. Dr.-Ing. Wolfgang Marquardt (Vorsitzender),
Karsten Beneke (stellv. Vorsitzender), Prof. Dr.-Ing. Harald Bolt,
Prof. Dr. Sebastian M. Schmidt
------------------------------------------------------------------------------------------------
------------------------------------------------------------------------------------------------
|
|
From: Krzysztof B. <kb...@un...> - 2016-09-15 20:17:49
|
Dear Subscribers, Subsequent Unity release - 1.9.4 - is available for download. In the first place it fixes couple of bugs which where discovered recently. Additionally new configuration options are introduced, which should increase system flexibility. Probably the most important one (and requested for a long time) is the possibility to accept signed SAML authentication responses which contain unsigned assertions. This is SAML SSO protocol violation, however often used in the wild. Download links and detailed list of changes is available at: http://www.unity-idm.eu/site/downloads Best regards, Krzysztof |
|
From: Björn H. <b.h...@fz...> - 2016-09-14 10:25:55
|
Hi Krzysztof, Am 14.09.2016 um 12:16 schrieb Krzysztof Benedyczak: > So there is a bug. It can be triggered only if when creating a statement > in a group, in which you relay on attributes assigned by another > statement in extra group. glad I could help and you were able to understand the problem despite my incomplete dump. Cheers, Björn -- Dipl.-Inform. Björn Hagemeier Federated Systems and Data Juelich Supercomputing Centre Institute for Advanced Simulation Phone: +49 2461 61 1584 Fax : +49 2461 61 6656 Email: b.h...@fz... Skype: bhagemeier WWW : http://www.fz-juelich.de/jsc JSC is the coordinator of the John von Neumann Institute for Computing and member of the Gauss Centre for Supercomputing ------------------------------------------------------------------------------------- ------------------------------------------------------------------------------------- Forschungszentrum Juelich GmbH 52425 Juelich Sitz der Gesellschaft: Juelich Eingetragen im Handelsregister des Amtsgerichts Dueren Nr. HR B 3498 Vorsitzender des Aufsichtsrats: MinDir Dr. Karl Eugen Huthmacher Geschaeftsfuehrung: Prof. Dr.-Ing. Wolfgang Marquardt (Vorsitzender), Karsten Beneke (stellv. Vorsitzender), Prof. Dr.-Ing. Harald Bolt, Prof. Dr. Sebastian M. Schmidt ------------------------------------------------------------------------------------- ------------------------------------------------------------------------------------- |
|
From: Krzysztof B. <kb...@un...> - 2016-09-14 10:20:44
|
Hi, W dniu 13.09.2016 o 14:32, Björn Hagemeier pisze: > Hi Krzysztof, > > based on the examples in the documentation, I found a much simpler way > of defining attributes for my particular use case. My condition within > the parent group attribute statements is now the group membership. > > groups contains '/parent/servers' > groups contains '/parent/users' > > However, I do think that Unity should be able to work with arbitrary > values from sub-groups. I may not have quite grasped the difference > between eattr and eattrs, however using either one does not make a > difference for me. Yes, the above is another workaround as it doesn't relay on subgroup attributes at all. BTW this version is also more effective. Regarding eattr and eattrs: eattr provide you direct access to the first value of an attribute. eattrs provide you access to all values in an array. So always: eattr['foo'] == eattrs['foo'][0] In other words eattr is just a convenience thingy for a common case of single valued attributes. > > Is it possible that urn:unicore:attrType:role is treated specially. > Using a similar statement for urn:unicore:attrType:xlogin only uses the > value on the particular entity. > > Are enumerations somehow special when it comes to dynamic attributes? No, not really - why it worked for xlogin is that, I guess, you was not assigning it with a statement. HTH, Krzysztof |
|
From: Krzysztof B. <kb...@un...> - 2016-09-14 10:16:26
|
Hi Björn, W dniu 13.09.2016 o 11:31, Björn Hagemeier pisze: >> If yes - what misbehavior do you get? > The attribute in question is set to the same value for ALL entities in > the parent group. >> >> And please provide details of the attribute statement that you use to >> copy the attribute in question. > In order to copy the attribute from sub-group servers > > Extra group with attributes: /unicorex/servers > Condition: eattrs contains 'urn:unicore:attrType:role' > Dynamic attribute name: urn:unicore:attrType:role > Dynamic attribute values expression: eattrs['urn:unicore:attrType:role'] > Dynamic attribute visibility: unlimited > Conflict resolution: skip > > And for sub-group users: > > Extra group with attributes: /unicorex/users > Condition: eattrs contains 'urn:unicore:attrType:role' > Dynamic attribute name: urn:unicore:attrType:role > Dynamic attribute values expression: eattrs['urn:unicore:attrType:role'] > Dynamic attribute visibility: unlimited > Conflict resolution: skip > > The list entry (toString()-rendering?) of this statement not mention the > extra group, such that they look alike at first sight. But this is > probably just a UI issue. It is intended: the extra group is skipped so the statement's string representation is more compact. > With conflict resolution 'skip', the first statement in the list wins, > with conflict resolution 'overwrite previous', then last one wins. This > is expected behaviour, but values are applied to all entities in the > parent group. I've attached what I think is a minimal example of this > problem. It's a database dump from a fresh Unity installation with all > example data removed. Maybe it helps in debugging the problem. The dump was not consistent with the above description and the description was not enough to reproduce. Fortunately putting them together helped. So there is a bug. It can be triggered only if when creating a statement in a group, in which you relay on attributes assigned by another statement in extra group. This is what you used (not written above but this is the only statement that was present in the dump). More precisely: Unity, when evaluating statement of a subgroup doesn't ensure properly that the entity for which attributes are collected, is actually the member of this subgroup. It simply assumes that the entity is the member. This is always correct for parent-extra-groups, but naturally not for sub-extra-groups. I'll fix this of course (#577), there are workarounds for this for now. Having the above statements, change the statement in the subgroups (/unicorex/servers and /unicorex/users), so that their condition is not simply 'true', but explicitly requires membership in the current group. I.e. group contains '/unicorex/servers' and analogical for /unicorex/users. Thanks for reporting this! Krzysztof |
|
From: Björn H. <b.h...@fz...> - 2016-09-13 12:33:20
|
Hi Krzysztof, based on the examples in the documentation, I found a much simpler way of defining attributes for my particular use case. My condition within the parent group attribute statements is now the group membership. groups contains '/parent/servers' groups contains '/parent/users' However, I do think that Unity should be able to work with arbitrary values from sub-groups. I may not have quite grasped the difference between eattr and eattrs, however using either one does not make a difference for me. Is it possible that urn:unicore:attrType:role is treated specially. Using a similar statement for urn:unicore:attrType:xlogin only uses the value on the particular entity. Are enumerations somehow special when it comes to dynamic attributes? Cheers, Björn Am 13.09.2016 um 11:34 schrieb Björn Hagemeier: > Hi Krzysztof, > > on quick remark. The dump I just sent you may not have contained the > second rule to copy attributes from the server group. I did this for > testing purposes, but it shows the problem as well, as the user role > gets assigned to all entities in the parent group. > > I had done the change for testing purposes, but it didn't lead to any > resolution on my side. > > > Cheers, > Björn > > Am 13.09.2016 um 11:31 schrieb Björn Hagemeier: >> Hi Krzysztof, >> >> Am 13.09.2016 um 10:04 schrieb Krzysztof Benedyczak: >>> Hi Björn, >>> >>> W dniu 13.09.2016 o 09:46, Björn Hagemeier pisze: >>>> Hi there, >>>> >>>> I ran into a problem using attributes statements in Unity 1.9.3. I would >>>> like to use an attribute statement to copy an attribute from sub-groups. >>>> Entity membership within sub-groups is mutually exclusive, the attribute >>>> in question gets assigned automatically based on group membership. When >>>> using two attribute statements to copy the attribute from the respective >>>> sub-groups, the attribute value is updated on all entities within the >>>> parent group. >>>> >>>> parent: dynamic attribute value from sub-groups assigned to all entities >>>> |- servers: all entities assigned role server >>>> |- users: all entities assigned role user >>>> >>>> The dynamic attribute values are taken from one group or the other, >>>> depending on the order of the statements and the conflict resolution. >>>> Only 'overwrite previous' and 'skip' really work here, but again, due to >>>> the entities and hence the attributes being mutually exclusive within >>>> the sub-groups, there should not be any conflict (to the best of my >>>> knowledge). >>>> >>>> Am I doing anything wrong or is the value selection and assignment not >>>> sufficiently restrictive? >>> >>> Well, I'm not sure if I can extract the problem that you get from your >>> description. I understand that you have entities which are either in >>> parent/servers or parent/users (never both), and want to copy the same >>> attribute from a subgroup to have it also in the parent group. Is this >>> correct? >> Absoultely >>> If yes - what misbehavior do you get? >> The attribute in question is set to the same value for ALL entities in >> the parent group. >>> >>> And please provide details of the attribute statement that you use to >>> copy the attribute in question. >> In order to copy the attribute from sub-group servers >> >> Extra group with attributes: /unicorex/servers >> Condition: eattrs contains 'urn:unicore:attrType:role' >> Dynamic attribute name: urn:unicore:attrType:role >> Dynamic attribute values expression: eattrs['urn:unicore:attrType:role'] >> Dynamic attribute visibility: unlimited >> Conflict resolution: skip >> >> And for sub-group users: >> >> Extra group with attributes: /unicorex/users >> Condition: eattrs contains 'urn:unicore:attrType:role' >> Dynamic attribute name: urn:unicore:attrType:role >> Dynamic attribute values expression: eattrs['urn:unicore:attrType:role'] >> Dynamic attribute visibility: unlimited >> Conflict resolution: skip >> >> The list entry (toString()-rendering?) of this statement not mention the >> extra group, such that they look alike at first sight. But this is >> probably just a UI issue. >> >> With conflict resolution 'skip', the first statement in the list wins, >> with conflict resolution 'overwrite previous', then last one wins. This >> is expected behaviour, but values are applied to all entities in the >> parent group. I've attached what I think is a minimal example of this >> problem. It's a database dump from a fresh Unity installation with all >> example data removed. Maybe it helps in debugging the problem. >> >> >> Best regards and thanks for your great support, >> Björn >> >>> >>> Cheers, >>> Krzysztof >>> >> >> >> >> >> ------------------------------------------------------------------------------ >> >> >> >> _______________________________________________ >> Unity-idm-discuss mailing list >> Uni...@li... >> https://lists.sourceforge.net/lists/listinfo/unity-idm-discuss >> > > > > > ------------------------------------------------------------------------------ > > > > _______________________________________________ > Unity-idm-discuss mailing list > Uni...@li... > https://lists.sourceforge.net/lists/listinfo/unity-idm-discuss > -- Dipl.-Inform. Björn Hagemeier Federated Systems and Data Juelich Supercomputing Centre Institute for Advanced Simulation Phone: +49 2461 61 1584 Fax : +49 2461 61 6656 Email: b.h...@fz... Skype: bhagemeier WWW : http://www.fz-juelich.de/jsc JSC is the coordinator of the John von Neumann Institute for Computing and member of the Gauss Centre for Supercomputing ------------------------------------------------------------------------------------- ------------------------------------------------------------------------------------- Forschungszentrum Juelich GmbH 52425 Juelich Sitz der Gesellschaft: Juelich Eingetragen im Handelsregister des Amtsgerichts Dueren Nr. HR B 3498 Vorsitzender des Aufsichtsrats: MinDir Dr. Karl Eugen Huthmacher Geschaeftsfuehrung: Prof. Dr.-Ing. Wolfgang Marquardt (Vorsitzender), Karsten Beneke (stellv. Vorsitzender), Prof. Dr.-Ing. Harald Bolt, Prof. Dr. Sebastian M. Schmidt ------------------------------------------------------------------------------------- ------------------------------------------------------------------------------------- |
|
From: Björn H. <b.h...@fz...> - 2016-09-13 09:34:21
|
Hi Krzysztof, on quick remark. The dump I just sent you may not have contained the second rule to copy attributes from the server group. I did this for testing purposes, but it shows the problem as well, as the user role gets assigned to all entities in the parent group. I had done the change for testing purposes, but it didn't lead to any resolution on my side. Cheers, Björn Am 13.09.2016 um 11:31 schrieb Björn Hagemeier: > Hi Krzysztof, > > Am 13.09.2016 um 10:04 schrieb Krzysztof Benedyczak: >> Hi Björn, >> >> W dniu 13.09.2016 o 09:46, Björn Hagemeier pisze: >>> Hi there, >>> >>> I ran into a problem using attributes statements in Unity 1.9.3. I would >>> like to use an attribute statement to copy an attribute from sub-groups. >>> Entity membership within sub-groups is mutually exclusive, the attribute >>> in question gets assigned automatically based on group membership. When >>> using two attribute statements to copy the attribute from the respective >>> sub-groups, the attribute value is updated on all entities within the >>> parent group. >>> >>> parent: dynamic attribute value from sub-groups assigned to all entities >>> |- servers: all entities assigned role server >>> |- users: all entities assigned role user >>> >>> The dynamic attribute values are taken from one group or the other, >>> depending on the order of the statements and the conflict resolution. >>> Only 'overwrite previous' and 'skip' really work here, but again, due to >>> the entities and hence the attributes being mutually exclusive within >>> the sub-groups, there should not be any conflict (to the best of my >>> knowledge). >>> >>> Am I doing anything wrong or is the value selection and assignment not >>> sufficiently restrictive? >> >> Well, I'm not sure if I can extract the problem that you get from your >> description. I understand that you have entities which are either in >> parent/servers or parent/users (never both), and want to copy the same >> attribute from a subgroup to have it also in the parent group. Is this >> correct? > Absoultely >> If yes - what misbehavior do you get? > The attribute in question is set to the same value for ALL entities in > the parent group. >> >> And please provide details of the attribute statement that you use to >> copy the attribute in question. > In order to copy the attribute from sub-group servers > > Extra group with attributes: /unicorex/servers > Condition: eattrs contains 'urn:unicore:attrType:role' > Dynamic attribute name: urn:unicore:attrType:role > Dynamic attribute values expression: eattrs['urn:unicore:attrType:role'] > Dynamic attribute visibility: unlimited > Conflict resolution: skip > > And for sub-group users: > > Extra group with attributes: /unicorex/users > Condition: eattrs contains 'urn:unicore:attrType:role' > Dynamic attribute name: urn:unicore:attrType:role > Dynamic attribute values expression: eattrs['urn:unicore:attrType:role'] > Dynamic attribute visibility: unlimited > Conflict resolution: skip > > The list entry (toString()-rendering?) of this statement not mention the > extra group, such that they look alike at first sight. But this is > probably just a UI issue. > > With conflict resolution 'skip', the first statement in the list wins, > with conflict resolution 'overwrite previous', then last one wins. This > is expected behaviour, but values are applied to all entities in the > parent group. I've attached what I think is a minimal example of this > problem. It's a database dump from a fresh Unity installation with all > example data removed. Maybe it helps in debugging the problem. > > > Best regards and thanks for your great support, > Björn > >> >> Cheers, >> Krzysztof >> > > > > > ------------------------------------------------------------------------------ > > > > _______________________________________________ > Unity-idm-discuss mailing list > Uni...@li... > https://lists.sourceforge.net/lists/listinfo/unity-idm-discuss > -- Dipl.-Inform. Björn Hagemeier Federated Systems and Data Juelich Supercomputing Centre Institute for Advanced Simulation Phone: +49 2461 61 1584 Fax : +49 2461 61 6656 Email: b.h...@fz... Skype: bhagemeier WWW : http://www.fz-juelich.de/jsc JSC is the coordinator of the John von Neumann Institute for Computing and member of the Gauss Centre for Supercomputing ------------------------------------------------------------------------------------- ------------------------------------------------------------------------------------- Forschungszentrum Juelich GmbH 52425 Juelich Sitz der Gesellschaft: Juelich Eingetragen im Handelsregister des Amtsgerichts Dueren Nr. HR B 3498 Vorsitzender des Aufsichtsrats: MinDir Dr. Karl Eugen Huthmacher Geschaeftsfuehrung: Prof. Dr.-Ing. Wolfgang Marquardt (Vorsitzender), Karsten Beneke (stellv. Vorsitzender), Prof. Dr.-Ing. Harald Bolt, Prof. Dr. Sebastian M. Schmidt ------------------------------------------------------------------------------------- ------------------------------------------------------------------------------------- |
|
From: Björn H. <b.h...@fz...> - 2016-09-13 09:31:25
|
Hi Krzysztof, Am 13.09.2016 um 10:04 schrieb Krzysztof Benedyczak: > Hi Björn, > > W dniu 13.09.2016 o 09:46, Björn Hagemeier pisze: >> Hi there, >> >> I ran into a problem using attributes statements in Unity 1.9.3. I would >> like to use an attribute statement to copy an attribute from sub-groups. >> Entity membership within sub-groups is mutually exclusive, the attribute >> in question gets assigned automatically based on group membership. When >> using two attribute statements to copy the attribute from the respective >> sub-groups, the attribute value is updated on all entities within the >> parent group. >> >> parent: dynamic attribute value from sub-groups assigned to all entities >> |- servers: all entities assigned role server >> |- users: all entities assigned role user >> >> The dynamic attribute values are taken from one group or the other, >> depending on the order of the statements and the conflict resolution. >> Only 'overwrite previous' and 'skip' really work here, but again, due to >> the entities and hence the attributes being mutually exclusive within >> the sub-groups, there should not be any conflict (to the best of my >> knowledge). >> >> Am I doing anything wrong or is the value selection and assignment not >> sufficiently restrictive? > > Well, I'm not sure if I can extract the problem that you get from your > description. I understand that you have entities which are either in > parent/servers or parent/users (never both), and want to copy the same > attribute from a subgroup to have it also in the parent group. Is this > correct? Absoultely > If yes - what misbehavior do you get? The attribute in question is set to the same value for ALL entities in the parent group. > > And please provide details of the attribute statement that you use to > copy the attribute in question. In order to copy the attribute from sub-group servers Extra group with attributes: /unicorex/servers Condition: eattrs contains 'urn:unicore:attrType:role' Dynamic attribute name: urn:unicore:attrType:role Dynamic attribute values expression: eattrs['urn:unicore:attrType:role'] Dynamic attribute visibility: unlimited Conflict resolution: skip And for sub-group users: Extra group with attributes: /unicorex/users Condition: eattrs contains 'urn:unicore:attrType:role' Dynamic attribute name: urn:unicore:attrType:role Dynamic attribute values expression: eattrs['urn:unicore:attrType:role'] Dynamic attribute visibility: unlimited Conflict resolution: skip The list entry (toString()-rendering?) of this statement not mention the extra group, such that they look alike at first sight. But this is probably just a UI issue. With conflict resolution 'skip', the first statement in the list wins, with conflict resolution 'overwrite previous', then last one wins. This is expected behaviour, but values are applied to all entities in the parent group. I've attached what I think is a minimal example of this problem. It's a database dump from a fresh Unity installation with all example data removed. Maybe it helps in debugging the problem. Best regards and thanks for your great support, Björn > > Cheers, > Krzysztof > -- Dipl.-Inform. Björn Hagemeier Federated Systems and Data Juelich Supercomputing Centre Institute for Advanced Simulation Phone: +49 2461 61 1584 Fax : +49 2461 61 6656 Email: b.h...@fz... Skype: bhagemeier WWW : http://www.fz-juelich.de/jsc JSC is the coordinator of the John von Neumann Institute for Computing and member of the Gauss Centre for Supercomputing ------------------------------------------------------------------------------------- ------------------------------------------------------------------------------------- Forschungszentrum Juelich GmbH 52425 Juelich Sitz der Gesellschaft: Juelich Eingetragen im Handelsregister des Amtsgerichts Dueren Nr. HR B 3498 Vorsitzender des Aufsichtsrats: MinDir Dr. Karl Eugen Huthmacher Geschaeftsfuehrung: Prof. Dr.-Ing. Wolfgang Marquardt (Vorsitzender), Karsten Beneke (stellv. Vorsitzender), Prof. Dr.-Ing. Harald Bolt, Prof. Dr. Sebastian M. Schmidt ------------------------------------------------------------------------------------- ------------------------------------------------------------------------------------- |
|
From: Krzysztof B. <kb...@un...> - 2016-09-13 08:04:58
|
Hi Björn, W dniu 13.09.2016 o 09:46, Björn Hagemeier pisze: > Hi there, > > I ran into a problem using attributes statements in Unity 1.9.3. I would > like to use an attribute statement to copy an attribute from sub-groups. > Entity membership within sub-groups is mutually exclusive, the attribute > in question gets assigned automatically based on group membership. When > using two attribute statements to copy the attribute from the respective > sub-groups, the attribute value is updated on all entities within the > parent group. > > parent: dynamic attribute value from sub-groups assigned to all entities > |- servers: all entities assigned role server > |- users: all entities assigned role user > > The dynamic attribute values are taken from one group or the other, > depending on the order of the statements and the conflict resolution. > Only 'overwrite previous' and 'skip' really work here, but again, due to > the entities and hence the attributes being mutually exclusive within > the sub-groups, there should not be any conflict (to the best of my > knowledge). > > Am I doing anything wrong or is the value selection and assignment not > sufficiently restrictive? Well, I'm not sure if I can extract the problem that you get from your description. I understand that you have entities which are either in parent/servers or parent/users (never both), and want to copy the same attribute from a subgroup to have it also in the parent group. Is this correct? If yes - what misbehavior do you get? And please provide details of the attribute statement that you use to copy the attribute in question. Cheers, Krzysztof |
|
From: Björn H. <b.h...@fz...> - 2016-09-13 07:46:33
|
Hi there, I ran into a problem using attributes statements in Unity 1.9.3. I would like to use an attribute statement to copy an attribute from sub-groups. Entity membership within sub-groups is mutually exclusive, the attribute in question gets assigned automatically based on group membership. When using two attribute statements to copy the attribute from the respective sub-groups, the attribute value is updated on all entities within the parent group. parent: dynamic attribute value from sub-groups assigned to all entities |- servers: all entities assigned role server |- users: all entities assigned role user The dynamic attribute values are taken from one group or the other, depending on the order of the statements and the conflict resolution. Only 'overwrite previous' and 'skip' really work here, but again, due to the entities and hence the attributes being mutually exclusive within the sub-groups, there should not be any conflict (to the best of my knowledge). Am I doing anything wrong or is the value selection and assignment not sufficiently restrictive? Cheers, and thanks in advance, Björn -- Dipl.-Inform. Björn Hagemeier Federated Systems and Data Juelich Supercomputing Centre Institute for Advanced Simulation Phone: +49 2461 61 1584 Fax : +49 2461 61 6656 Email: b.h...@fz... Skype: bhagemeier WWW : http://www.fz-juelich.de/jsc JSC is the coordinator of the John von Neumann Institute for Computing and member of the Gauss Centre for Supercomputing ------------------------------------------------------------------------------------- ------------------------------------------------------------------------------------- Forschungszentrum Juelich GmbH 52425 Juelich Sitz der Gesellschaft: Juelich Eingetragen im Handelsregister des Amtsgerichts Dueren Nr. HR B 3498 Vorsitzender des Aufsichtsrats: MinDir Dr. Karl Eugen Huthmacher Geschaeftsfuehrung: Prof. Dr.-Ing. Wolfgang Marquardt (Vorsitzender), Karsten Beneke (stellv. Vorsitzender), Prof. Dr.-Ing. Harald Bolt, Prof. Dr. Sebastian M. Schmidt ------------------------------------------------------------------------------------- ------------------------------------------------------------------------------------- |
