diff --git a/server/src/main/java/access/provision/Provisioning.java b/server/src/main/java/access/provision/Provisioning.java
index 285f1a65..e85fedac 100644
--- a/server/src/main/java/access/provision/Provisioning.java
+++ b/server/src/main/java/access/provision/Provisioning.java
@@ -24,6 +24,7 @@ public class Provisioning {
     private final String graphClientId;
     private final String graphSecret;
     private final String graphTenant;
+    private final String institutionGUID;
 
     public Provisioning(Map provider) {
         this.id = (String) provider.get("id");
@@ -47,6 +48,7 @@ public Provisioning(Map provider) {
         this.graphClientId = (String) provider.get("graph_client_id");
         this.graphSecret = (String) provider.get("graph_secret");
         this.graphTenant = (String) provider.getOrDefault("graph_tenant", "common");
+        this.institutionGUID = (String) provider.get("coin:institution_guid");
         this.invariant();
     }
 
@@ -67,6 +69,11 @@ private void invariant() {
                 assert graphSecret != null: "graphSecret is null";
             }
         }
+        switch (this.scimUserIdentifier) {
+            case eduID -> {
+                assert institutionGUID != null : "institutionGUID is null";
+            }
+        }
     }
 
     public boolean isApplicableForGroupRequest() {
diff --git a/server/src/main/java/access/provision/ProvisioningServiceDefault.java b/server/src/main/java/access/provision/ProvisioningServiceDefault.java
index cbea39b7..12bd8aaa 100644
--- a/server/src/main/java/access/provision/ProvisioningServiceDefault.java
+++ b/server/src/main/java/access/provision/ProvisioningServiceDefault.java
@@ -1,5 +1,7 @@
 package access.provision;
 
+import access.eduid.EduID;
+import access.eduid.EduIDProvision;
 import access.exception.RemoteException;
 import access.manage.Manage;
 import access.manage.ManageIdentifier;
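Review bot: The new `switch (this.scimUserIdentifier)` in invariant() enforces institutionGUID only through an `assert`, which the JVM disables unless started with `-ea`, so in a default deployment a provisioning with scimUserIdentifier eduID and no `coin:institution_guid` passes the invariant and the null later reaches `new EduIDProvision(user.getEduId(), provisioning.getInstitutionGUID())` in ProvisioningServiceDefault. The existing graphSecret check uses the same assert pattern, so this follows file style, but since the value is now sent to an external service it is worth failing explicitly: `if (this.scimUserIdentifier == ScimUserIdentifier.eduID && institutionGUID == null) { throw new IllegalStateException("institutionGUID is null for provisioning " + id); }`, which also reads better than a single-arm switch with no default. invariant() starts outside this hunk, so I cannot see whether the surrounding checks are guarded by a similar condition.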
@@ -58,6 +60,7 @@ public class ProvisioningServiceDefault implements ProvisioningService {
     private final GraphClient graphClient;
     private final EvaClient evaClient;
     private final KeyStore keyStore;
+    private final EduID eduID;
 
     @Autowired
     public ProvisioningServiceDefault(UserRoleRepository userRoleRepository,
@@ -66,6 +69,7 @@ public ProvisioningServiceDefault(UserRoleRepository userRoleRepository,
                                      Manage manage,
                                      ObjectMapper objectMapper,
                                      KeyStore keyStore,
+                                     EduID eduID,
                                      @Value("${voot.group_urn_domain}") String groupUrnPrefix,
                                      @Value("${config.eduid-idp-schac-home-organization}") String eduidIdpSchacHomeOrganization,
                                      @Value("${config.server-url}") String serverBaseURL) {
@@ -76,6 +80,7 @@ public ProvisioningServiceDefault(UserRoleRepository userRoleRepository,
         this.objectMapper = objectMapper;
         this.keyStore = keyStore;
         this.groupUrnPrefix = groupUrnPrefix;
+        this.eduID = eduID;
         this.graphClient = new GraphClient(serverBaseURL, eduidIdpSchacHomeOrganization, keyStore, objectMapper);
         this.evaClient = new EvaClient(keyStore);
         // Otherwise, we can't use method PATCH
@@ -94,7 +99,13 @@ public Optional newUserRequest(User user) {
                 .filter(provisioning -> this.remoteProvisionedUserRepository.findByManageProvisioningIdAndUser(provisioning.getId(), user)
                         .isEmpty())
                 .forEach(provisioning -> {
-                    String userRequest = prettyJson(new UserRequest(user, provisioning));
+                    UserRequest request = new UserRequest(user, provisioning);
+                    if (provisioning.getScimUserIdentifier().equals(ScimUserIdentifier.eduID) &&
+                            request.getExternalId().equals(user.getEduId())) {
+                        //No fallback for failure
+                        this.eduID.provisionEduid(new EduIDProvision(user.getEduId(), provisioning.getInstitutionGUID()));
+                    }
+                    String userRequest = prettyJson(request);
                     Optional provisioningResponse = this.newRequest(provisioning, userRequest, user);
                     provisioningResponse.ifPresent(response -> {
                         if (!response.isErrorResponse() && StringUtils.hasText(response.remoteIdentifier())) {
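Review bot: The `this.eduID.provisionEduid(...)` call in the last hunk runs before `this.newRequest(provisioning, userRequest, user)`, and the `//No fallback for failure` comment leaves it to the reader to work out the consequence: an exception from provisionEduid propagates out of the forEach, so the remaining provisionings for this user are skipped and nothing is recorded for them, while a failing newRequest leaves the eduID registration in place with no remoteProvisionedUser row to show it happened. The condition `request.getExternalId().equals(user.getEduId())` also throws NullPointerException if the external id is absent; `Objects.equals(request.getExternalId(), user.getEduId())` is the null-safe form, and `provisioning.getScimUserIdentifier() == ScimUserIdentifier.eduID` is the idiomatic enum comparison. At minimum the comment should state the contract, e.g. `// eduID provisioning is done first and is not rolled back if the SCIM request below fails; an exception here aborts provisioning for the remaining providers of this user`. If that is not the intended behaviour, catching the failure around the call and recording it (the file already imports RemoteException, though I cannot see what provisionEduid throws) would keep the other providers flowing. newUserRequest's body continues outside the hunk.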