diff --git a/grouper/conf/grouper-loader.base.properties b/grouper/conf/grouper-loader.base.properties
index 6f88eb864a3c..a45e76967411 100644
--- a/grouper/conf/grouper-loader.base.properties
+++ b/grouper/conf/grouper-loader.base.properties
@@ -6894,3 +6894,103 @@ teamDynamixAuthnTokenExpiresSeconds = 60
# {valueType: "string", order: 61000, required: true, showEl: "${operateOnGrouperEntities && numberOfEntityAttributes > $i$}", formElement: "dropdown", optionValues: ["email", "firstName", "id", "lastName", "login"], repeatGroup: "targetEntityAttribute", repeatCount: 20}
# provisioner.myOktaProvisioner.targetEntityAttribute.$i$.name =
+
+################################################
+## provisioner startWith - Okta
+################################################
+
+# okta common
+# {valueType: "string", order: 25, readOnly: true}
+# provisionerStartWith.oktaCommon.startWith = oktaCommon
+
+# this is the okta external system config id
+# {valueType: "string", required: true, order: 20, formElement: "dropdown", optionValuesFromClass: "edu.internet2.middleware.grouper.app.externalSystem.WsBearerTokenExternalSystem"}
+# provisionerStartWith.oktaCommon.oktaExternalSystemConfigId =
+
+# Okta pattern
+# {valueType: "string", order: 50, required: true, formElement: "dropdown", showEl: "${oktaExternalSystemConfigId != null}", optionValues: ["manageGroupsManageEntities", "manageGroupsReadonlyEntities", "manageEntities", "other"]}
+# provisionerStartWith.oktaCommon.oktaPattern =
+
+# User attributes type
+# {valueType: "string", order: 100, required: true, formElement: "dropdown", showEl: "${oktaPattern != null}", optionValues: ["core", "entityResolver", "subjectSource", "subjectSourceAndEntityResolver"]}
+# provisionerStartWith.oktaCommon.userAttributesType =
+
+# subject source entity resolver attributes
+# {valueType: "string", order: 200, required: true, showEl: "${userAttributesType == 'subjectSource' || userAttributesType == 'subjectSourceAndEntityResolver'}"}
+# provisionerStartWith.oktaCommon.subjectSourceEntityResolverAttributes =
+
+# Select all groups at once during full sync
+# {valueType: "boolean", order: 230, defaultValue: "false", showEl: "${oktaPattern != null}"}
+# provisionerStartWith.oktaCommon.selectAllGroups =
+
+# manage groups
+# {valueType: "boolean", order: 250, defaultValue: "false", showEl: "${oktaPattern != null}"}
+# provisionerStartWith.oktaCommon.manageGroups =
+
+# group name attribute value
+# {valueType: "string", order: 300, required: true, formElement: "dropdown", showEl: "${manageGroups == true}", optionValues: ["extension", "idIndex", "name", "other", "script", "uuid"]}
+# provisionerStartWith.oktaCommon.groupNameAttributeValue =
+
+# group name translation script
+# {valueType: "string", order: 350, required: true, showEl: "${oktaPattern != null && groupNameAttributeValue == 'script'}"}
+# provisionerStartWith.oktaCommon.groupNameTranslationScript =
+
+# use group description
+# {valueType: "boolean", order: 400, defaultValue: "true", showEl: "${manageGroups == true}"}
+# provisionerStartWith.oktaCommon.useGroupDescription =
+
+# manage entities
+# {valueType: "boolean", order: 500, defaultValue: "false", showEl: "${oktaPattern != null}"}
+# provisionerStartWith.oktaCommon.manageEntities =
+
+# Select all entities at once during full sync
+# {valueType: "boolean", order: 550, required: true, showEl: "${oktaPattern != null}"}
+# provisionerStartWith.oktaCommon.selectAllEntities =
+
+# Entity email subject attribute
+# {valueType: "string", order: 560, formElement: "dropdown", showEl: "${manageEntities == true}", optionValues: ["email", "idIndex", "name", "other", "script", "subjectId", "subjectIdentifier0", "subjectIdentifier1", "subjectIdentifier2"]}
+# provisionerStartWith.oktaCommon.entityEmailSubjectAttribute =
+
+# Entity email translation script
+# {valueType: "string", order: 570, required: true, showEl: "${oktaPattern != null && entityEmailSubjectAttribute == 'script'}"}
+# provisionerStartWith.oktaCommon.entityEmailTranslationScript =
+
+# Entity email subject attribute
+# {valueType: "string", order: 580, formElement: "dropdown", showEl: "${manageEntities == true}", optionValues: ["email", "idIndex", "name", "other", "script", "subjectId", "subjectIdentifier0", "subjectIdentifier1", "subjectIdentifier2"]}
+# provisionerStartWith.oktaCommon.entityLoginSubjectAttribute =
+
+# Entity email translation script
+# {valueType: "string", order: 590, required: true, showEl: "${oktaPattern != null && entityLoginSubjectAttribute == 'script'}"}
+# provisionerStartWith.oktaCommon.entityLoginTranslationScript =
+
+# Entity family name
+# {valueType: "string", order: 600, required: true, formElement: "dropdown", showEl: "${manageEntities == true}", optionValues: ["email", "idIndex", "name", "other", "script", "subjectAttribute", "subjectId", "subjectIdentifier0", "subjectIdentifier1", "subjectIdentifier2"]}
+# provisionerStartWith.oktaCommon.entityLastName =
+
+# Entity family name subject attribute
+# {valueType: "string", order: 601, required: true, showEl: "${oktaPattern != null && entityLastName == 'subjectAttribute'}"}
+# provisionerStartWith.oktaCommon.subjectLastNameAttribute =
+
+# Entity family name translation script
+# {valueType: "string", order: 650, required: true, showEl: "${oktaPattern != null && entityLastName == 'script'}"}
+# provisionerStartWith.oktaCommon.entityLastNameTranslationScript =
+
+# Entity given name subject attribute
+# {valueType: "string", order: 700, required: true, formElement: "dropdown", showEl: "${manageEntities == true}", optionValues: ["email", "idIndex", "name", "other", "script", "subjectAttribute", "subjectId", "subjectIdentifier0", "subjectIdentifier1", "subjectIdentifier2"]}
+# provisionerStartWith.oktaCommon.entityFirstName =
+
+# Entity given name subject attribute
+# {valueType: "string", order: 701, required: true, showEl: "${oktaPattern != null && entityFirstName == 'subjectAttribute'}"}
+# provisionerStartWith.oktaCommon.subjectFirstNameAttribute =
+
+# Entity given name translation script
+# {valueType: "string", order: 750, required: true, showEl: "${oktaPattern != null && entityFirstName == 'script'}"}
+# provisionerStartWith.oktaCommon.entityFirstNameTranslationScript =
+
+# add disabled full sync daemon?
+# {valueType: "boolean", order: 1700, defaultValue: "true", showEl: "${oktaPattern != null}"}
+# provisionerStartWith.oktaCommon.addDisabledFullSyncDaemon =
+
+# add disabled incremental sync daemon?
+# {valueType: "boolean", order: 1800, defaultValue: "true", showEl: "${oktaPattern != null}"}
+# provisionerStartWith.oktaCommon.addDisabledIncrementalSyncDaemon =
diff --git a/grouper/conf/grouperText/grouper.textNg.en.us.base.properties b/grouper/conf/grouperText/grouper.textNg.en.us.base.properties
index b86623b7190f..213ff6b99ab4 100644
--- a/grouper/conf/grouperText/grouper.textNg.en.us.base.properties
+++ b/grouper/conf/grouperText/grouper.textNg.en.us.base.properties
@@ -13057,6 +13057,37 @@ provisionerStartWithOption_edu.internet2.middleware.grouper.app.ldapProvisioning
provisionerStartWithOption_edu.internet2.middleware.grouper.app.provisioningExamples.exampleWsReplaceProvisioner.ExampleWsProvisioningStartWith = Example WS provisioning 'start with'
provisionerStartWithOption_edu.internet2.middleware.grouper.app.scim2Provisioning.ScimProvisioningStartWith = Scim provisioning 'start with'
provisionerStartWithOption_edu.internet2.middleware.grouper.app.teamDynamix.TeamDynamixProvisioningStartWith = TeamDynamix provisioning 'start with'
+provisionerStartWithOption_edu.internet2.middleware.grouper.app.okta.OktaProvisioningStartWith = Okta 'start with'
+
+config.OktaProvisioningStartWith.attribute.oktaPattern.label = Okta pattern
+config.OktaProvisioningStartWith.attribute.oktaPattern.description = These patterns will pre-populate the "start with" screen based on common use cases.
- manageGroupManageEntities: will create/delete groups and entities and memberships
- manageGroupsReadonlyEntities: will create/delete groups, use existing google users provisioned from another system, and manage memberships (most common)
- manageEntities: will create/delete entities and not manage groups or memberships
- Other: will let you configure the "start with" screen as you like
+
+config.OktaProvisioningStartWith.attribute.oktaExternalSystemConfigId.label = Okta external system
+config.OktaProvisioningStartWith.attribute.oktaExternalSystemConfigId.description = Okta external system
+
+config.OktaProvisioningStartWith.attribute.entityLoginSubjectAttribute.label = Entity login subject attribute
+config.OktaProvisioningStartWith.attribute.entityLoginSubjectAttribute.description = Entity login subject attribute
+
+config.OktaProvisioningStartWith.attribute.entityLoginTranslationScript.label = Entity login translation script
+config.OktaProvisioningStartWith.attribute.entityLoginTranslationScript.description = Entity login translation script
+
+config.OktaProvisioningStartWith.attribute.entityLastName.label = Entity last name
+config.OktaProvisioningStartWith.attribute.entityLastName.description = Entity last name
+
+config.OktaProvisioningStartWith.attribute.subjectLastNameAttribute.label = Entity last name subject attribute
+config.OktaProvisioningStartWith.attribute.subjectLastNameAttribute.description = Entity last name subject attribute
+
+config.OktaProvisioningStartWith.attribute.entityLastNameTranslationScript.label = Entity last name translation script
+config.OktaProvisioningStartWith.attribute.entityLastNameTranslationScript.description = Entity last name translation script
+
+config.OktaProvisioningStartWith.attribute.entityFirstName.label = Entity first name
+config.OktaProvisioningStartWith.attribute.entityFirstName.description = Entity first name
+
+config.OktaProvisioningStartWith.attribute.subjectFirstNameAttribute.label = Entity first name subject attribute
+config.OktaProvisioningStartWith.attribute.subjectFirstNameAttribute.description = Entity first name subject attribute
+
+config.OktaProvisioningStartWith.attribute.entityFirstNameTranslationScript.label = Entity first name translation script
+config.OktaProvisioningStartWith.attribute.entityFirstNameTranslationScript.description = Entity first name translation script
# provisioner config was saved successfully
provisionerConfigAddEditSuccess = Provisioner configuration was saved successfully.
diff --git a/grouper/src/grouper/edu/internet2/middleware/grouper/app/okta/OktaProvisioningStartWith.java b/grouper/src/grouper/edu/internet2/middleware/grouper/app/okta/OktaProvisioningStartWith.java
index a85293660cd8..51218d7c5cda 100644
--- a/grouper/src/grouper/edu/internet2/middleware/grouper/app/okta/OktaProvisioningStartWith.java
+++ b/grouper/src/grouper/edu/internet2/middleware/grouper/app/okta/OktaProvisioningStartWith.java
@@ -16,7 +16,7 @@ public class OktaProvisioningStartWith extends ProvisionerStartWithBase {
@Override
public String getPropertyValueThatIdentifiesThisConfig() {
- return "googleCommon";
+ return "oktaCommon";
}
@Override
@@ -24,7 +24,7 @@ public void populateProvisionerConfigurationValuesFromStartWith(
Map startWithSuffixToValue,
Map provisionerSuffixToValue) {
- provisionerSuffixToValue.put("googleExternalSystemConfigId", startWithSuffixToValue.get("googleExternalSystemConfigId"));
+ provisionerSuffixToValue.put("oktaExternalSystemConfigId", startWithSuffixToValue.get("oktaExternalSystemConfigId"));
if (StringUtils.equals(startWithSuffixToValue.get("userAttributesType"), "entityResolver") || StringUtils.equals(startWithSuffixToValue.get("userAttributesType"), "subjectSourceAndEntityResolver")) {
provisionerSuffixToValue.put("entityResolver.entityAttributesNotInSubjectSource", "true");
@@ -73,24 +73,12 @@ public void populateProvisionerConfigurationValuesFromStartWith(
}
provisionerSuffixToValue.put("targetGroupAttribute.1.name", "name");
- String groupEmailAttributeValue = startWithSuffixToValue.get("groupEmailAttributeValue");
- if (StringUtils.equals("script", groupEmailAttributeValue)) {
- provisionerSuffixToValue.put("targetGroupAttribute.2.translateExpressionType", "translationScript");
- provisionerSuffixToValue.put("targetGroupAttribute.2.translateExpression", startWithSuffixToValue.get("groupEmailTranslationScript"));
- } else if (StringUtils.equals("other", groupEmailAttributeValue)) {
- //do nothing
- } else {
- provisionerSuffixToValue.put("targetGroupAttribute.2.translateExpressionType", "grouperProvisioningGroupField");
- provisionerSuffixToValue.put("targetGroupAttribute.2.translateFromGrouperProvisioningGroupField", groupEmailAttributeValue);
- }
- provisionerSuffixToValue.put("targetGroupAttribute.2.name", "email");
-
if (GrouperUtil.booleanValue(startWithSuffixToValue.get("useGroupDescription"), true)) {
- provisionerSuffixToValue.put("numberOfGroupAttributes", 4);
- provisionerSuffixToValue.put("targetGroupAttribute.3.name", "description");
- provisionerSuffixToValue.put("targetGroupAttribute.3.translateExpressionType", "grouperProvisioningGroupField");
- provisionerSuffixToValue.put("targetGroupAttribute.3.translateFromGrouperProvisioningGroupField", "description");
+ provisionerSuffixToValue.put("numberOfGroupAttributes", 3);
+ provisionerSuffixToValue.put("targetGroupAttribute.2.name", "description");
+ provisionerSuffixToValue.put("targetGroupAttribute.2.translateExpressionType", "grouperProvisioningGroupField");
+ provisionerSuffixToValue.put("targetGroupAttribute.2.translateFromGrouperProvisioningGroupField", "description");
}
provisionerSuffixToValue.put("groupAttributeValueCacheHas", "true");
@@ -112,46 +100,6 @@ public void populateProvisionerConfigurationValuesFromStartWith(
}
- {
-
- if (GrouperUtil.booleanValue(startWithSuffixToValue.get("hasMetadataForWhoCanAdd"), true)) {
- provisionerSuffixToValue.put("whoCanAdd", "true");
- }
-
- if (GrouperUtil.booleanValue(startWithSuffixToValue.get("hasMetadataForWhoCanJoin"), true)) {
- provisionerSuffixToValue.put("whoCanJoin", "true");
- }
-
- if (GrouperUtil.booleanValue(startWithSuffixToValue.get("hasMetadataForWhoCanViewMembership"), false)) {
- provisionerSuffixToValue.put("whoCanViewMembership", "true");
- }
-
- if (GrouperUtil.booleanValue(startWithSuffixToValue.get("hasMetadataForWhoCanViewGroup"), false)) {
- provisionerSuffixToValue.put("whoCanViewGroup", "true");
- }
-
- if (GrouperUtil.booleanValue(startWithSuffixToValue.get("hasMetadataForWhoCanInvite"), false)) {
- provisionerSuffixToValue.put("whoCanInvite", "true");
- }
-
- if (GrouperUtil.booleanValue(startWithSuffixToValue.get("hasMetadataForWhoCanModerateMembers"), false)) {
- provisionerSuffixToValue.put("whoCanModerateMembers", "true");
- }
-
- if (GrouperUtil.booleanValue(startWithSuffixToValue.get("hasMetadataForAllowExternalMembers"), false)) {
- provisionerSuffixToValue.put("allowExternalMembers", "true");
- }
-
- if (GrouperUtil.booleanValue(startWithSuffixToValue.get("hasMetadataForWhoCanPostMessage"), false)) {
- provisionerSuffixToValue.put("whoCanPostMessage", "true");
- }
-
- if (GrouperUtil.booleanValue(startWithSuffixToValue.get("hasMetadataForAllowWebHosting"), false)) {
- provisionerSuffixToValue.put("allowWebPosting", "true");
- }
-
- }
-
if (GrouperUtil.booleanValue(startWithSuffixToValue.get("manageEntities"), false)) {
provisionerSuffixToValue.put("makeChangesToEntities", "true");
}
@@ -180,13 +128,13 @@ public void populateProvisionerConfigurationValuesFromStartWith(
}
provisionerSuffixToValue.put("targetEntityAttribute.1.name", "email");
- String entityFamilyNameType = startWithSuffixToValue.get("entityFamilyName");
- if (StringUtils.equals("script", entityFamilyNameType)) {
+ String entityLastNameType = startWithSuffixToValue.get("entityLastName");
+ if (StringUtils.equals("script", entityLastNameType)) {
provisionerSuffixToValue.put("targetEntityAttribute.2.translateExpressionType", "translationScript");
- provisionerSuffixToValue.put("targetEntityAttribute.2.translateExpression", startWithSuffixToValue.get("entityFamilyNameTranslationScript"));
- } else if (StringUtils.equals("other", entityFamilyNameType)) {
+ provisionerSuffixToValue.put("targetEntityAttribute.2.translateExpression", startWithSuffixToValue.get("entityLastNameTranslationScript"));
+ } else if (StringUtils.equals("other", entityLastNameType)) {
//do nothing
- } else if (StringUtils.equals("subjectAttribute", entityFamilyNameType)) {
+ } else if (StringUtils.equals("subjectAttribute", entityLastNameType)) {
provisionerSuffixToValue.put("targetEntityAttribute.2.translateExpressionType", "grouperProvisioningEntityField");
provisionerSuffixToValue.put("targetEntityAttribute.2.translateFromGrouperProvisioningEntityField", "entityAttributeValueCache2");
@@ -200,17 +148,17 @@ public void populateProvisionerConfigurationValuesFromStartWith(
} else {
provisionerSuffixToValue.put("targetEntityAttribute.2.translateExpressionType", "grouperProvisioningEntityField");
- provisionerSuffixToValue.put("targetEntityAttribute.2.translateFromGrouperProvisioningEntityField", entityFamilyNameType);
+ provisionerSuffixToValue.put("targetEntityAttribute.2.translateFromGrouperProvisioningEntityField", entityLastNameType);
}
- provisionerSuffixToValue.put("targetEntityAttribute.2.name", "familyName");
+ provisionerSuffixToValue.put("targetEntityAttribute.2.name", "lastName");
- String entityGivenNameType = startWithSuffixToValue.get("entityGivenName");
- if (StringUtils.equals("script", entityGivenNameType)) {
+ String entityFirstNameType = startWithSuffixToValue.get("entityFirstName");
+ if (StringUtils.equals("script", entityFirstNameType)) {
provisionerSuffixToValue.put("targetEntityAttribute.3.translateExpressionType", "translationScript");
- provisionerSuffixToValue.put("targetEntityAttribute.3.translateExpression", startWithSuffixToValue.get("entityGivenNameTranslationScript"));
- } else if (StringUtils.equals("other", entityGivenNameType)) {
+ provisionerSuffixToValue.put("targetEntityAttribute.3.translateExpression", startWithSuffixToValue.get("entityFirstNameTranslationScript"));
+ } else if (StringUtils.equals("other", entityFirstNameType)) {
//do nothing
- } else if (StringUtils.equals("subjectAttribute", entityGivenNameType)) {
+ } else if (StringUtils.equals("subjectAttribute", entityFirstNameType)) {
provisionerSuffixToValue.put("targetEntityAttribute.3.translateExpressionType", "grouperProvisioningEntityField");
provisionerSuffixToValue.put("targetEntityAttribute.3.translateFromGrouperProvisioningEntityField", "entityAttributeValueCache3");
@@ -223,11 +171,24 @@ public void populateProvisionerConfigurationValuesFromStartWith(
} else {
provisionerSuffixToValue.put("targetEntityAttribute.3.translateExpressionType", "grouperProvisioningEntityField");
- provisionerSuffixToValue.put("targetEntityAttribute.3.translateFromGrouperProvisioningEntityField", entityGivenNameType);
+ provisionerSuffixToValue.put("targetEntityAttribute.3.translateFromGrouperProvisioningEntityField", entityFirstNameType);
+ }
+ provisionerSuffixToValue.put("targetEntityAttribute.3.name", "firstName");
+
+ String entityLoginSubjectAttributeType = startWithSuffixToValue.get("entityLoginSubjectAttribute");
+ if (StringUtils.equals("script", entityLoginSubjectAttributeType)) {
+ provisionerSuffixToValue.put("targetEntityAttribute.4.translateExpressionType", "translationScript");
+ provisionerSuffixToValue.put("targetEntityAttribute.4.translateExpression", startWithSuffixToValue.get("entityLoginTranslationScript"));
+ } else if (StringUtils.equals("other", entityLoginSubjectAttributeType)) {
+ //do nothing
+ } else {
+ provisionerSuffixToValue.put("targetEntityAttribute.4.translateExpressionType", "grouperProvisioningEntityField");
+ provisionerSuffixToValue.put("targetEntityAttribute.4.translateFromGrouperProvisioningEntityField", entityLoginSubjectAttributeType);
}
- provisionerSuffixToValue.put("targetEntityAttribute.3.name", "givenName");
+
+ provisionerSuffixToValue.put("targetEntityAttribute.4.name", "login");
- provisionerSuffixToValue.put("numberOfEntityAttributes", "4");
+ provisionerSuffixToValue.put("numberOfEntityAttributes", "5");
provisionerSuffixToValue.put("entityAttributeValueCacheHas", "true");
@@ -239,15 +200,15 @@ public void populateProvisionerConfigurationValuesFromStartWith(
provisionerSuffixToValue.put("entityAttributeValueCache1has", "true");
provisionerSuffixToValue.put("entityAttributeValueCache1source", "target");
provisionerSuffixToValue.put("entityAttributeValueCache1type", "entityAttribute");
- provisionerSuffixToValue.put("entityAttributeValueCache1entityAttribute", "email");
+ provisionerSuffixToValue.put("entityAttributeValueCache1entityAttribute", "login");
provisionerSuffixToValue.put("entityMatchingAttributeCount", "2");
- provisionerSuffixToValue.put("entityMatchingAttribute0name", "email");
+ provisionerSuffixToValue.put("entityMatchingAttribute0name", "login");
provisionerSuffixToValue.put("entityMatchingAttribute1name", "id");
provisionerSuffixToValue.put("operateOnGrouperMemberships", "true");
provisionerSuffixToValue.put("provisioningType", "membershipObjects");
- provisionerSuffixToValue.put("class", "edu.internet2.middleware.grouper.app.google.GrouperGoogleProvisioner");
+ provisionerSuffixToValue.put("class", "edu.internet2.middleware.grouper.app.okta.GrouperOktaProvisioner");
if (GrouperUtil.booleanValue(startWithSuffixToValue.get("addDisabledFullSyncDaemon"), true) || GrouperUtil.booleanValue(startWithSuffixToValue.get("addDisabledIncrementalSyncDaemon"), true)) {
provisionerSuffixToValue.put("showAdvanced", "true");
@@ -263,7 +224,7 @@ public Map screenRedraw(Map suffixToValue,
for (String suffixUserJustChanged: suffixesUserJustChanged) {
- if (StringUtils.equals(suffixUserJustChanged, "googlePattern")) {
+ if (StringUtils.equals(suffixUserJustChanged, "oktaPattern")) {
String valueUserEnteredOnScreen = suffixToValue.get(suffixUserJustChanged);
if (StringUtils.equals(valueUserEnteredOnScreen, "manageGroupsManageEntities")) {
result.put("manageGroups", "true");