-
Type:
Story
-
Status: Closed
-
Priority:
Major
-
Resolution: Won't Do
-
Affects Version/s: OpenIDM 6.0.0
-
Fix Version/s: None
-
Component/s: Module - Policy
-
Labels:
based on OPENIDM-9594
Policy conditions created in that JIRA work for User Self-Service progressive profiling, e.g.:
"condition" : { "type" : "queryFilter", "filter" : "/city eq \"Portland\"" },
(from the Progressive Profiling section
However, the change in OPENIDM-9594 was intended to work generally. If so, we should be able to modify the REST call in this section on Conditional Role Grants
But the following REST call fails:
curl \ --header "X-OpenIDM-Username: openidm-admin" \ --header "X-OpenIDM-Password: openidm-admin" \ --header "Content-Type: application/json" \ --request POST \ --data '{ "name": "fr-employee", "description": "Role granted to employees resident in France", "condition": { "type" : "queryFilter", "filter" : "/country eq \"FR\"" } }' \ "http://localhost:8080/openidm/managed/role?_action=create"
with the following message:
{
"code": 403,
"reason": "Forbidden",
"message": "Policy validation failed",
"detail": {
"result": false,
"failedPolicyRequirements": [
{
"policyRequirements": [
{
"params": {
"invalidType": "object",
"validTypes": [
"string"
]
},
"policyRequirement": "VALID_TYPE"
}
],
"property": "condition"
}
]
}
}
Possible solution: update policy.js to avoid this failure, to enable the use of queryFilter for the condition described in https://ea.forgerock.com/docs/idm/integrators-guide/index.html#conditional-role-grants
- is required by
-
OPENIDM-9635 queryFilter: describe support for object config
-
- Closed
-