I am using an authentication service rule to establish SAML-based SSO authentication. I provision the user through a model operator. In the ApplicationProfileSetUp extension point I call a service to obtain the user roles. Based on the user roles I need to decide whether I should show the developer portal or the user portal.
What I am doing now:
In the model operator I have added 2 access groups - one as MyApp:Developers and the other as MyApp:Users. Once I get the user roles by calling the service I do the below 2 steps in sequence:
1. Call the OOTB activity RedirectAndRun and pass the Access group parameter as MyApp:Users (based on the detected roles)
2. Inject roles dynamically by calling the OOTB API tools.getAuthorizationHandle().setRoles(tools, PRAuthorization.UPDATE_APPEND, tools.getStepPage().getProperty(".ListOfRoles"))
The access group is rightly switched, but the roles are not getting added. If I stop calling RedirectAndRun then the roles are rightly added in the user profile.
What I need:
Both should work - launching of the session with the correct AG and proper allocation of roles.
Please note: since my application is hosted on Tomcat I can't use EstablishOperator (as that is for container-managed apps).
Thanks for any lead
@Sayak1896 Hi Sayak, instead of having a single model operator you can have two model operators, one for users and another for developers, and based on the roles/condition that you have you can set the model operator. You can do this logic in the data page and give that data page in the model operator fields as shown below.
In addition you can also use a data transform; you can check the below link on how to configure the data transform.
@SrinidhiM Hi Srinidhi, thanks for your response. I found my question lacks clarity. I mentioned that access group switching will be done based on user role. These user roles are pulled through a SOAP call. This logic of calling the external application through SOAP is performed in ApplicationProfileSetup. There I have already run out of the context of the authentication service rule.
To call this service I need to enrich the retrieved details from at least 4 other applications. For architectural clarity I did not want to call all the services in the auth service rule context, as the auth service is specific to authentication and all these peripheral services that I am talking about are needed to establish the authorization profile of the user.
So, in short, I am looking for a mechanism that allows me to change the access group from ApplicationProfileSetup.
Posted: 28 Nov 2022 3:51 EST
Srinidhi Mrithyunjayan (SrinidhiM)