From 53924f53dec4ebbcfe103b851f15bece0583e25c Mon Sep 17 00:00:00 2001 From: Vivek Sachdeva Date: Fri, 3 Jan 2025 15:50:55 -0800 Subject: [PATCH] GRP-5886: (commit 12) okta provisioner --- grouper/conf/grouper-loader.base.properties | 100 +++++++++++++++ .../grouper.textNg.en.us.base.properties | 31 +++++ .../app/okta/OktaProvisioningStartWith.java | 115 ++++++------------ 3 files changed, 169 insertions(+), 77 deletions(-) diff --git a/grouper/conf/grouper-loader.base.properties b/grouper/conf/grouper-loader.base.properties index 6f88eb864a3c..a45e76967411 100644 --- a/grouper/conf/grouper-loader.base.properties +++ b/grouper/conf/grouper-loader.base.properties @@ -6894,3 +6894,103 @@ teamDynamixAuthnTokenExpiresSeconds = 60 # {valueType: "string", order: 61000, required: true, showEl: "${operateOnGrouperEntities && numberOfEntityAttributes > $i$}", formElement: "dropdown", optionValues: ["email", "firstName", "id", "lastName", "login"], repeatGroup: "targetEntityAttribute", repeatCount: 20} # provisioner.myOktaProvisioner.targetEntityAttribute.$i$.name = + +################################################ +## provisioner startWith - Okta +################################################ + +# okta common +# {valueType: "string", order: 25, readOnly: true} +# provisionerStartWith.oktaCommon.startWith = oktaCommon + +# this is the okta external system config id +# {valueType: "string", required: true, order: 20, formElement: "dropdown", optionValuesFromClass: "edu.internet2.middleware.grouper.app.externalSystem.WsBearerTokenExternalSystem"} +# provisionerStartWith.oktaCommon.oktaExternalSystemConfigId = + +# Okta pattern +# {valueType: "string", order: 50, required: true, formElement: "dropdown", showEl: "${oktaExternalSystemConfigId != null}", optionValues: ["manageGroupsManageEntities", "manageGroupsReadonlyEntities", "manageEntities", "other"]} +# provisionerStartWith.oktaCommon.oktaPattern = + +# User attributes type +# {valueType: "string", order: 100, required: true, formElement: "dropdown", showEl: "${oktaPattern != null}", optionValues: ["core", "entityResolver", "subjectSource", "subjectSourceAndEntityResolver"]} +# provisionerStartWith.oktaCommon.userAttributesType = + +# subject source entity resolver attributes +# {valueType: "string", order: 200, required: true, showEl: "${userAttributesType == 'subjectSource' || userAttributesType == 'subjectSourceAndEntityResolver'}"} +# provisionerStartWith.oktaCommon.subjectSourceEntityResolverAttributes = + +# Select all groups at once during full sync +# {valueType: "boolean", order: 230, defaultValue: "false", showEl: "${oktaPattern != null}"} +# provisionerStartWith.oktaCommon.selectAllGroups = + +# manage groups +# {valueType: "boolean", order: 250, defaultValue: "false", showEl: "${oktaPattern != null}"} +# provisionerStartWith.oktaCommon.manageGroups = + +# group name attribute value +# {valueType: "string", order: 300, required: true, formElement: "dropdown", showEl: "${manageGroups == true}", optionValues: ["extension", "idIndex", "name", "other", "script", "uuid"]} +# provisionerStartWith.oktaCommon.groupNameAttributeValue = + +# group name translation script +# {valueType: "string", order: 350, required: true, showEl: "${oktaPattern != null && groupNameAttributeValue == 'script'}"} +# provisionerStartWith.oktaCommon.groupNameTranslationScript = + +# use group description +# {valueType: "boolean", order: 400, defaultValue: "true", showEl: "${manageGroups == true}"} +# provisionerStartWith.oktaCommon.useGroupDescription = + +# manage entities +# {valueType: "boolean", order: 500, defaultValue: "false", showEl: "${oktaPattern != null}"} +# provisionerStartWith.oktaCommon.manageEntities = + +# Select all entities at once during full sync +# {valueType: "boolean", order: 550, required: true, showEl: "${oktaPattern != null}"} +# provisionerStartWith.oktaCommon.selectAllEntities = + +# Entity email subject attribute +# {valueType: "string", order: 560, formElement: "dropdown", showEl: "${manageEntities == true}", optionValues: ["email", "idIndex", "name", "other", "script", "subjectId", "subjectIdentifier0", "subjectIdentifier1", "subjectIdentifier2"]} +# provisionerStartWith.oktaCommon.entityEmailSubjectAttribute = + +# Entity email translation script +# {valueType: "string", order: 570, required: true, showEl: "${oktaPattern != null && entityEmailSubjectAttribute == 'script'}"} +# provisionerStartWith.oktaCommon.entityEmailTranslationScript = + +# Entity email subject attribute +# {valueType: "string", order: 580, formElement: "dropdown", showEl: "${manageEntities == true}", optionValues: ["email", "idIndex", "name", "other", "script", "subjectId", "subjectIdentifier0", "subjectIdentifier1", "subjectIdentifier2"]} +# provisionerStartWith.oktaCommon.entityLoginSubjectAttribute = + +# Entity email translation script +# {valueType: "string", order: 590, required: true, showEl: "${oktaPattern != null && entityLoginSubjectAttribute == 'script'}"} +# provisionerStartWith.oktaCommon.entityLoginTranslationScript = + +# Entity family name +# {valueType: "string", order: 600, required: true, formElement: "dropdown", showEl: "${manageEntities == true}", optionValues: ["email", "idIndex", "name", "other", "script", "subjectAttribute", "subjectId", "subjectIdentifier0", "subjectIdentifier1", "subjectIdentifier2"]} +# provisionerStartWith.oktaCommon.entityLastName = + +# Entity family name subject attribute +# {valueType: "string", order: 601, required: true, showEl: "${oktaPattern != null && entityLastName == 'subjectAttribute'}"} +# provisionerStartWith.oktaCommon.subjectLastNameAttribute = + +# Entity family name translation script +# {valueType: "string", order: 650, required: true, showEl: "${oktaPattern != null && entityLastName == 'script'}"} +# provisionerStartWith.oktaCommon.entityLastNameTranslationScript = + +# Entity given name subject attribute +# {valueType: "string", order: 700, required: true, formElement: "dropdown", showEl: "${manageEntities == true}", optionValues: ["email", "idIndex", "name", "other", "script", "subjectAttribute", "subjectId", "subjectIdentifier0", "subjectIdentifier1", "subjectIdentifier2"]} +# provisionerStartWith.oktaCommon.entityFirstName = + +# Entity given name subject attribute +# {valueType: "string", order: 701, required: true, showEl: "${oktaPattern != null && entityFirstName == 'subjectAttribute'}"} +# provisionerStartWith.oktaCommon.subjectFirstNameAttribute = + +# Entity given name translation script +# {valueType: "string", order: 750, required: true, showEl: "${oktaPattern != null && entityFirstName == 'script'}"} +# provisionerStartWith.oktaCommon.entityFirstNameTranslationScript = + +# add disabled full sync daemon? +# {valueType: "boolean", order: 1700, defaultValue: "true", showEl: "${oktaPattern != null}"} +# provisionerStartWith.oktaCommon.addDisabledFullSyncDaemon = + +# add disabled incremental sync daemon? +# {valueType: "boolean", order: 1800, defaultValue: "true", showEl: "${oktaPattern != null}"} +# provisionerStartWith.oktaCommon.addDisabledIncrementalSyncDaemon = diff --git a/grouper/conf/grouperText/grouper.textNg.en.us.base.properties b/grouper/conf/grouperText/grouper.textNg.en.us.base.properties index b86623b7190f..213ff6b99ab4 100644 --- a/grouper/conf/grouperText/grouper.textNg.en.us.base.properties +++ b/grouper/conf/grouperText/grouper.textNg.en.us.base.properties @@ -13057,6 +13057,37 @@ provisionerStartWithOption_edu.internet2.middleware.grouper.app.ldapProvisioning provisionerStartWithOption_edu.internet2.middleware.grouper.app.provisioningExamples.exampleWsReplaceProvisioner.ExampleWsProvisioningStartWith = Example WS provisioning 'start with' provisionerStartWithOption_edu.internet2.middleware.grouper.app.scim2Provisioning.ScimProvisioningStartWith = Scim provisioning 'start with' provisionerStartWithOption_edu.internet2.middleware.grouper.app.teamDynamix.TeamDynamixProvisioningStartWith = TeamDynamix provisioning 'start with' +provisionerStartWithOption_edu.internet2.middleware.grouper.app.okta.OktaProvisioningStartWith = Okta 'start with' + +config.OktaProvisioningStartWith.attribute.oktaPattern.label = Okta pattern +config.OktaProvisioningStartWith.attribute.oktaPattern.description = These patterns will pre-populate the "start with" screen based on common use cases.
+ +config.OktaProvisioningStartWith.attribute.oktaExternalSystemConfigId.label = Okta external system +config.OktaProvisioningStartWith.attribute.oktaExternalSystemConfigId.description = Okta external system + +config.OktaProvisioningStartWith.attribute.entityLoginSubjectAttribute.label = Entity login subject attribute +config.OktaProvisioningStartWith.attribute.entityLoginSubjectAttribute.description = Entity login subject attribute + +config.OktaProvisioningStartWith.attribute.entityLoginTranslationScript.label = Entity login translation script +config.OktaProvisioningStartWith.attribute.entityLoginTranslationScript.description = Entity login translation script + +config.OktaProvisioningStartWith.attribute.entityLastName.label = Entity last name +config.OktaProvisioningStartWith.attribute.entityLastName.description = Entity last name + +config.OktaProvisioningStartWith.attribute.subjectLastNameAttribute.label = Entity last name subject attribute +config.OktaProvisioningStartWith.attribute.subjectLastNameAttribute.description = Entity last name subject attribute + +config.OktaProvisioningStartWith.attribute.entityLastNameTranslationScript.label = Entity last name translation script +config.OktaProvisioningStartWith.attribute.entityLastNameTranslationScript.description = Entity last name translation script + +config.OktaProvisioningStartWith.attribute.entityFirstName.label = Entity first name +config.OktaProvisioningStartWith.attribute.entityFirstName.description = Entity first name + +config.OktaProvisioningStartWith.attribute.subjectFirstNameAttribute.label = Entity first name subject attribute +config.OktaProvisioningStartWith.attribute.subjectFirstNameAttribute.description = Entity first name subject attribute + +config.OktaProvisioningStartWith.attribute.entityFirstNameTranslationScript.label = Entity first name translation script +config.OktaProvisioningStartWith.attribute.entityFirstNameTranslationScript.description = Entity first name translation script # provisioner config was saved successfully provisionerConfigAddEditSuccess = Provisioner configuration was saved successfully. diff --git a/grouper/src/grouper/edu/internet2/middleware/grouper/app/okta/OktaProvisioningStartWith.java b/grouper/src/grouper/edu/internet2/middleware/grouper/app/okta/OktaProvisioningStartWith.java index a85293660cd8..51218d7c5cda 100644 --- a/grouper/src/grouper/edu/internet2/middleware/grouper/app/okta/OktaProvisioningStartWith.java +++ b/grouper/src/grouper/edu/internet2/middleware/grouper/app/okta/OktaProvisioningStartWith.java @@ -16,7 +16,7 @@ public class OktaProvisioningStartWith extends ProvisionerStartWithBase { @Override public String getPropertyValueThatIdentifiesThisConfig() { - return "googleCommon"; + return "oktaCommon"; } @Override @@ -24,7 +24,7 @@ public void populateProvisionerConfigurationValuesFromStartWith( Map startWithSuffixToValue, Map provisionerSuffixToValue) { - provisionerSuffixToValue.put("googleExternalSystemConfigId", startWithSuffixToValue.get("googleExternalSystemConfigId")); + provisionerSuffixToValue.put("oktaExternalSystemConfigId", startWithSuffixToValue.get("oktaExternalSystemConfigId")); if (StringUtils.equals(startWithSuffixToValue.get("userAttributesType"), "entityResolver") || StringUtils.equals(startWithSuffixToValue.get("userAttributesType"), "subjectSourceAndEntityResolver")) { provisionerSuffixToValue.put("entityResolver.entityAttributesNotInSubjectSource", "true"); @@ -73,24 +73,12 @@ public void populateProvisionerConfigurationValuesFromStartWith( } provisionerSuffixToValue.put("targetGroupAttribute.1.name", "name"); - String groupEmailAttributeValue = startWithSuffixToValue.get("groupEmailAttributeValue"); - if (StringUtils.equals("script", groupEmailAttributeValue)) { - provisionerSuffixToValue.put("targetGroupAttribute.2.translateExpressionType", "translationScript"); - provisionerSuffixToValue.put("targetGroupAttribute.2.translateExpression", startWithSuffixToValue.get("groupEmailTranslationScript")); - } else if (StringUtils.equals("other", groupEmailAttributeValue)) { - //do nothing - } else { - provisionerSuffixToValue.put("targetGroupAttribute.2.translateExpressionType", "grouperProvisioningGroupField"); - provisionerSuffixToValue.put("targetGroupAttribute.2.translateFromGrouperProvisioningGroupField", groupEmailAttributeValue); - } - provisionerSuffixToValue.put("targetGroupAttribute.2.name", "email"); - if (GrouperUtil.booleanValue(startWithSuffixToValue.get("useGroupDescription"), true)) { - provisionerSuffixToValue.put("numberOfGroupAttributes", 4); - provisionerSuffixToValue.put("targetGroupAttribute.3.name", "description"); - provisionerSuffixToValue.put("targetGroupAttribute.3.translateExpressionType", "grouperProvisioningGroupField"); - provisionerSuffixToValue.put("targetGroupAttribute.3.translateFromGrouperProvisioningGroupField", "description"); + provisionerSuffixToValue.put("numberOfGroupAttributes", 3); + provisionerSuffixToValue.put("targetGroupAttribute.2.name", "description"); + provisionerSuffixToValue.put("targetGroupAttribute.2.translateExpressionType", "grouperProvisioningGroupField"); + provisionerSuffixToValue.put("targetGroupAttribute.2.translateFromGrouperProvisioningGroupField", "description"); } provisionerSuffixToValue.put("groupAttributeValueCacheHas", "true"); @@ -112,46 +100,6 @@ public void populateProvisionerConfigurationValuesFromStartWith( } - { - - if (GrouperUtil.booleanValue(startWithSuffixToValue.get("hasMetadataForWhoCanAdd"), true)) { - provisionerSuffixToValue.put("whoCanAdd", "true"); - } - - if (GrouperUtil.booleanValue(startWithSuffixToValue.get("hasMetadataForWhoCanJoin"), true)) { - provisionerSuffixToValue.put("whoCanJoin", "true"); - } - - if (GrouperUtil.booleanValue(startWithSuffixToValue.get("hasMetadataForWhoCanViewMembership"), false)) { - provisionerSuffixToValue.put("whoCanViewMembership", "true"); - } - - if (GrouperUtil.booleanValue(startWithSuffixToValue.get("hasMetadataForWhoCanViewGroup"), false)) { - provisionerSuffixToValue.put("whoCanViewGroup", "true"); - } - - if (GrouperUtil.booleanValue(startWithSuffixToValue.get("hasMetadataForWhoCanInvite"), false)) { - provisionerSuffixToValue.put("whoCanInvite", "true"); - } - - if (GrouperUtil.booleanValue(startWithSuffixToValue.get("hasMetadataForWhoCanModerateMembers"), false)) { - provisionerSuffixToValue.put("whoCanModerateMembers", "true"); - } - - if (GrouperUtil.booleanValue(startWithSuffixToValue.get("hasMetadataForAllowExternalMembers"), false)) { - provisionerSuffixToValue.put("allowExternalMembers", "true"); - } - - if (GrouperUtil.booleanValue(startWithSuffixToValue.get("hasMetadataForWhoCanPostMessage"), false)) { - provisionerSuffixToValue.put("whoCanPostMessage", "true"); - } - - if (GrouperUtil.booleanValue(startWithSuffixToValue.get("hasMetadataForAllowWebHosting"), false)) { - provisionerSuffixToValue.put("allowWebPosting", "true"); - } - - } - if (GrouperUtil.booleanValue(startWithSuffixToValue.get("manageEntities"), false)) { provisionerSuffixToValue.put("makeChangesToEntities", "true"); } @@ -180,13 +128,13 @@ public void populateProvisionerConfigurationValuesFromStartWith( } provisionerSuffixToValue.put("targetEntityAttribute.1.name", "email"); - String entityFamilyNameType = startWithSuffixToValue.get("entityFamilyName"); - if (StringUtils.equals("script", entityFamilyNameType)) { + String entityLastNameType = startWithSuffixToValue.get("entityLastName"); + if (StringUtils.equals("script", entityLastNameType)) { provisionerSuffixToValue.put("targetEntityAttribute.2.translateExpressionType", "translationScript"); - provisionerSuffixToValue.put("targetEntityAttribute.2.translateExpression", startWithSuffixToValue.get("entityFamilyNameTranslationScript")); - } else if (StringUtils.equals("other", entityFamilyNameType)) { + provisionerSuffixToValue.put("targetEntityAttribute.2.translateExpression", startWithSuffixToValue.get("entityLastNameTranslationScript")); + } else if (StringUtils.equals("other", entityLastNameType)) { //do nothing - } else if (StringUtils.equals("subjectAttribute", entityFamilyNameType)) { + } else if (StringUtils.equals("subjectAttribute", entityLastNameType)) { provisionerSuffixToValue.put("targetEntityAttribute.2.translateExpressionType", "grouperProvisioningEntityField"); provisionerSuffixToValue.put("targetEntityAttribute.2.translateFromGrouperProvisioningEntityField", "entityAttributeValueCache2"); @@ -200,17 +148,17 @@ public void populateProvisionerConfigurationValuesFromStartWith( } else { provisionerSuffixToValue.put("targetEntityAttribute.2.translateExpressionType", "grouperProvisioningEntityField"); - provisionerSuffixToValue.put("targetEntityAttribute.2.translateFromGrouperProvisioningEntityField", entityFamilyNameType); + provisionerSuffixToValue.put("targetEntityAttribute.2.translateFromGrouperProvisioningEntityField", entityLastNameType); } - provisionerSuffixToValue.put("targetEntityAttribute.2.name", "familyName"); + provisionerSuffixToValue.put("targetEntityAttribute.2.name", "lastName"); - String entityGivenNameType = startWithSuffixToValue.get("entityGivenName"); - if (StringUtils.equals("script", entityGivenNameType)) { + String entityFirstNameType = startWithSuffixToValue.get("entityFirstName"); + if (StringUtils.equals("script", entityFirstNameType)) { provisionerSuffixToValue.put("targetEntityAttribute.3.translateExpressionType", "translationScript"); - provisionerSuffixToValue.put("targetEntityAttribute.3.translateExpression", startWithSuffixToValue.get("entityGivenNameTranslationScript")); - } else if (StringUtils.equals("other", entityGivenNameType)) { + provisionerSuffixToValue.put("targetEntityAttribute.3.translateExpression", startWithSuffixToValue.get("entityFirstNameTranslationScript")); + } else if (StringUtils.equals("other", entityFirstNameType)) { //do nothing - } else if (StringUtils.equals("subjectAttribute", entityGivenNameType)) { + } else if (StringUtils.equals("subjectAttribute", entityFirstNameType)) { provisionerSuffixToValue.put("targetEntityAttribute.3.translateExpressionType", "grouperProvisioningEntityField"); provisionerSuffixToValue.put("targetEntityAttribute.3.translateFromGrouperProvisioningEntityField", "entityAttributeValueCache3"); @@ -223,11 +171,24 @@ public void populateProvisionerConfigurationValuesFromStartWith( } else { provisionerSuffixToValue.put("targetEntityAttribute.3.translateExpressionType", "grouperProvisioningEntityField"); - provisionerSuffixToValue.put("targetEntityAttribute.3.translateFromGrouperProvisioningEntityField", entityGivenNameType); + provisionerSuffixToValue.put("targetEntityAttribute.3.translateFromGrouperProvisioningEntityField", entityFirstNameType); + } + provisionerSuffixToValue.put("targetEntityAttribute.3.name", "firstName"); + + String entityLoginSubjectAttributeType = startWithSuffixToValue.get("entityLoginSubjectAttribute"); + if (StringUtils.equals("script", entityLoginSubjectAttributeType)) { + provisionerSuffixToValue.put("targetEntityAttribute.4.translateExpressionType", "translationScript"); + provisionerSuffixToValue.put("targetEntityAttribute.4.translateExpression", startWithSuffixToValue.get("entityLoginTranslationScript")); + } else if (StringUtils.equals("other", entityLoginSubjectAttributeType)) { + //do nothing + } else { + provisionerSuffixToValue.put("targetEntityAttribute.4.translateExpressionType", "grouperProvisioningEntityField"); + provisionerSuffixToValue.put("targetEntityAttribute.4.translateFromGrouperProvisioningEntityField", entityLoginSubjectAttributeType); } - provisionerSuffixToValue.put("targetEntityAttribute.3.name", "givenName"); + + provisionerSuffixToValue.put("targetEntityAttribute.4.name", "login"); - provisionerSuffixToValue.put("numberOfEntityAttributes", "4"); + provisionerSuffixToValue.put("numberOfEntityAttributes", "5"); provisionerSuffixToValue.put("entityAttributeValueCacheHas", "true"); @@ -239,15 +200,15 @@ public void populateProvisionerConfigurationValuesFromStartWith( provisionerSuffixToValue.put("entityAttributeValueCache1has", "true"); provisionerSuffixToValue.put("entityAttributeValueCache1source", "target"); provisionerSuffixToValue.put("entityAttributeValueCache1type", "entityAttribute"); - provisionerSuffixToValue.put("entityAttributeValueCache1entityAttribute", "email"); + provisionerSuffixToValue.put("entityAttributeValueCache1entityAttribute", "login"); provisionerSuffixToValue.put("entityMatchingAttributeCount", "2"); - provisionerSuffixToValue.put("entityMatchingAttribute0name", "email"); + provisionerSuffixToValue.put("entityMatchingAttribute0name", "login"); provisionerSuffixToValue.put("entityMatchingAttribute1name", "id"); provisionerSuffixToValue.put("operateOnGrouperMemberships", "true"); provisionerSuffixToValue.put("provisioningType", "membershipObjects"); - provisionerSuffixToValue.put("class", "edu.internet2.middleware.grouper.app.google.GrouperGoogleProvisioner"); + provisionerSuffixToValue.put("class", "edu.internet2.middleware.grouper.app.okta.GrouperOktaProvisioner"); if (GrouperUtil.booleanValue(startWithSuffixToValue.get("addDisabledFullSyncDaemon"), true) || GrouperUtil.booleanValue(startWithSuffixToValue.get("addDisabledIncrementalSyncDaemon"), true)) { provisionerSuffixToValue.put("showAdvanced", "true"); @@ -263,7 +224,7 @@ public Map screenRedraw(Map suffixToValue, for (String suffixUserJustChanged: suffixesUserJustChanged) { - if (StringUtils.equals(suffixUserJustChanged, "googlePattern")) { + if (StringUtils.equals(suffixUserJustChanged, "oktaPattern")) { String valueUserEnteredOnScreen = suffixToValue.get(suffixUserJustChanged); if (StringUtils.equals(valueUserEnteredOnScreen, "manageGroupsManageEntities")) { result.put("manageGroups", "true");