De mon point de vue, la gestion des identités et des accès (Identity & Access Management) se doit d'établir une relation entre des personnes et des comptes. Bien entendu, ce n'est pas la seule relation que l'on doit établir, mais celle-là est historique. On peut aussi se dire qu'un autre programme de type IGA sera en charge de cette liaison et de cette logique, mais c'est encore empiler des solutions.
Syncope ne dispose pas d'objet en propre pour les personnes. Les deux objets fondamentaux sont USER et GROUP. Il est possible de fabriquer cet objet et il aura le type fondamental OTHER_TYPE. Si on choisit cette voie alors au travers d'une relation on pourra lier un compte à une identité.
Je ne connais pas encore très bien les implications et avantages de ce modèle mais je pense que l'on peut avoir une autre approche.
Utiliser l'objet GROUP pour réunir les comptes d'une identité (un groupe = une identité). C'est plus une intuition qu'un design et cela doit être évalué au regard de l'autre approche.
Ce qui me fait penser à cette solution se trouve dans cet ensemble d'objets de la configuration de l'instance Embedded, dont les intrications multiples me semblent riches de perspectives :
<SyncopeGroup id="f779c0d4-633b-4be5-8f57-32eb478a3ca5" name="otherchild" realm_id="e4c28e7a-9dbf-4ee7-9441-93812a0d4a28" creator="admin" lastModifier="admin" creationDate="2010-10-20 11:00:00" lastChangeDate="2010-10-20 11:00:00"/>
<TypeExtension id="88a71478-30aa-4ee0-8b2b-6cb32e7ba264" group_id="f779c0d4-633b-4be5-8f57-32eb478a3ca5" anyType_id="PRINTER"/>
<UMembership id="6d8a7dc0-d4bc-4b7e-b058-abcd3df28f28" user_id="1417acbe-cbf6-4277-9372-e75e04f97000" group_id="f779c0d4-633b-4be5-8f57-32eb478a3ca5"/>
<SyncopeGroup_ExternalResource group_id="f779c0d4-633b-4be5-8f57-32eb478a3ca5" resource_id="ws-target-resource-2"/>
<AnyTemplatePullTask id="3a6173a9-8c34-4e37-b3b1-0c2ea385fac0" pullTask_id="c41b9b71-9bfa-4f90-89f2-84787def4c5c" anyType_id="USER" template="{"_class":"org.apache.syncope.common.lib.to.UserTO","creator":null,"creationDate":null,"lastModifier":null,"lastChangeDate":null,"key":null,"type":"USER","realm":null,"status":null,"password":null,"token":null,"tokenExpireTime":null,"username":null,"lastLoginDate":null,"changePwdDate":null,"failedLogins":null,"securityQuestion":null,"securityAnswer":null,"auxClasses":["csv"],"derAttrs":[{"schema":"cn","values":[""]}],"resources":["resource-testdb"],"relationships":[],"memberships":[{"groupKey":"f779c0d4-633b-4be5-8f57-32eb478a3ca5","groupName":null}],"dynMemberships":[],"roles":[],"dynRoles":[],"plainAttrs":[{"schema":"ctype","values":["email == 'test8@syncope.apache.org'? 'TYPE_8': 'TYPE_OTHER'"]}]}"/>
En premier, on trouve un groupe otherchild qui est associé à l'objet PRINTER.
On trouve une relation de Rossini avec ce groupe et aussi avec une ressource externe ws-target-resource-2.
Enfin, une tâche de Pull, ou Traction dans sa traduction québécoise, qui remonte les enregistrements d'un fichier texte.
Ci-dessous, la version extraite via l'API. J'ai supprimé des tâches de traction pour alléger le rendu.
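Ce qui est surprenant, et pour l'instant pas vraiment compréhensible, c'est la partie finale de la tâche, avec un objet nommé template qui semble définir des attributs pour un groupe ou un compte d'une ressource. Il n'existe pourtant ni GUI ni API Rest qui permette cette configuration, alors qu'on la trouve bien dans l'API Java 🤔 À la lecture du JSON ci-dessous, le template USER semble affecter à chaque utilisateur remonté par la tâche la classe auxiliaire csv, la ressource resource-testdb et l'appartenance au groupe f779c0d4-633b-4be5-8f57-32eb478a3ca5 ; ces affectations implicites sont donc à revoir au même titre qu'une attribution de droits explicite.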
{
"_class": "org.apache.syncope.common.lib.to.PullTaskTO",
"key": "c41b9b71-9bfa-4f90-89f2-84787def4c5c",
"start": "2025-11-29T17:35:00.2386891+01:00",
"end": "2025-11-29T17:35:00.3426076+01:00",
"latestExecStatus": "SUCCESS",
"lastExecutor": "admin",
"executions": [
{
"start": "2025-11-29T14:40:00.349666Z",
"end": "2025-11-29T14:40:01.376985Z",
"key": "019ad00e-775d-7d8c-9a25-e17af1ff2282",
"jobType": "TASK",
"refKey": "c41b9b71-9bfa-4f90-89f2-84787def4c5c",
"refDesc": "PULL Task c41b9b71-9bfa-4f90-89f2-84787def4c5c CSV (update matching; assign unmatching)",
"status": "SUCCESS",
"message": "Users [created/failures]: 0/1 [updated/failures]: 0/0 [deleted/failures]: 0/0 [no operation/ignored]: 0/0\nAccounts [created/failures]: 0/0 [updated/failures]: 0/0 [deleted/failures]: 0/0 [no operation/ignored]: 0/0\n\n\nUsers failed to create: CREATE FAILURE (key/name): null/asmith with message: SyncopeClientCompositeException: {[RequiredValuesMissing [fullname]]}\n",
"executor": "admin"
},
....
{
"start": "2025-11-29T15:30:00.134196Z",
"end": "2025-11-29T15:30:11.833623Z",
"key": "019ad03c-3d46-7ffc-92b9-e043fab7cc98",
"jobType": "TASK",
"refKey": "c41b9b71-9bfa-4f90-89f2-84787def4c5c",
"refDesc": "PULL Task c41b9b71-9bfa-4f90-89f2-84787def4c5c CSV (update matching; assign unmatching)",
"status": "SUCCESS",
"message": "Users [created/failures]: 3/0 [updated/failures]: 0/0 [deleted/failures]: 0/0 [no operation/ignored]: 0/0\nAccounts [created/failures]: 0/0 [updated/failures]: 0/0 [deleted/failures]: 0/0 [no operation/ignored]: 0/0\n\n\nUsers created:\nCREATE SUCCESS (key/name): 019ad03c-3fb2-75d4-a7c8-edf4dd9c253b/asmith \nCREATE SUCCESS (key/name): 019ad03c-552f-7267-9e3d-dfef42aa9415/cmiller \nCREATE SUCCESS (key/name): 019ad03c-623b-7fe8-9630-ff6858ba093b/jdoe \n",
"executor": "admin"
},
{
"start": "2025-11-29T15:35:00.126121Z",
"end": "2025-11-29T15:35:00.192457Z",
"key": "019ad040-d11e-7b08-9891-9fa4f617bb07",
"jobType": "TASK",
"refKey": "c41b9b71-9bfa-4f90-89f2-84787def4c5c",
"refDesc": "PULL Task c41b9b71-9bfa-4f90-89f2-84787def4c5c CSV (update matching; assign unmatching)",
"status": "SUCCESS",
"message": "Users [created/failures]: 0/0 [updated/failures]: 0/0 [deleted/failures]: 0/0 [no operation/ignored]: 0/0\nAccounts [created/failures]: 0/0 [updated/failures]: 0/0 [deleted/failures]: 0/0 [no operation/ignored]: 0/0\n",
"executor": "admin"
},
....
{
"start": "2025-11-29T17:35:00.2386891+01:00",
"end": "2025-11-29T17:35:00.3426076+01:00",
"key": "019ad077-c00e-7971-89c4-de53567f0872",
"jobType": "TASK",
"refKey": "c41b9b71-9bfa-4f90-89f2-84787def4c5c",
"refDesc": "PULL Task c41b9b71-9bfa-4f90-89f2-84787def4c5c CSV (update matching; assign unmatching)",
"status": "SUCCESS",
"message": "Users [created/failures]: 0/0 [updated/failures]: 0/0 [deleted/failures]: 0/0 [no operation/ignored]: 0/0\nAccounts [created/failures]: 0/0 [updated/failures]: 0/0 [deleted/failures]: 0/0 [no operation/ignored]: 0/0\n",
"executor": "admin"
}
],
"cronExpression": "0 0/5 * * * ?",
"jobDelegate": "PullJobDelegate",
"name": "CSV (update matching; assign unmatching)",
"description": null,
"lastExec": "2025-11-29T17:35:00.2386891+01:00",
"nextExec": "2025-11-29T17:39:59.0207221+01:00",
"active": true,
"resource": "resource-csv",
"performCreate": true,
"performUpdate": true,
"performDelete": true,
"syncStatus": true,
"unmatchingRule": "ASSIGN",
"matchingRule": "UPDATE",
"actions": [
"LDAPMembershipPullActions"
],
"concurrentSettings": null,
"destinationRealm": "/",
"remediation": false,
"pullMode": "INCREMENTAL",
"reconFilterBuilder": null,
"templates": {
"GROUP": {
"_class": "org.apache.syncope.common.lib.to.GroupTO",
"key": null,
"type": "GROUP",
"realm": null,
"name": null,
"creator": null,
"creationDate": null,
"creationContext": null,
"lastModifier": null,
"lastChangeDate": null,
"lastChangeContext": null,
"dynRealms": [],
"status": null,
"auxClasses": [],
"plainAttrs": [],
"derAttrs": [],
"resources": [],
"relationships": [],
"userOwner": null,
"groupOwner": null,
"udynMembershipCond": null,
"staticUserMembershipCount": 0,
"dynamicUserMembershipCount": 0,
"staticAnyObjectMembershipCount": 0,
"dynamicAnyObjectMembershipCount": 0,
"adynMembershipConds": {},
"typeExtensions": []
},
"USER": {
"_class": "org.apache.syncope.common.lib.to.UserTO",
"key": null,
"type": "USER",
"realm": null,
"username": null,
"creator": null,
"creationDate": null,
"creationContext": null,
"lastModifier": null,
"lastChangeDate": null,
"lastChangeContext": null,
"dynRealms": [],
"status": null,
"auxClasses": [
"csv"
],
"plainAttrs": [
{
"schema": "ctype",
"values": [
"email == 'test8@syncope.apache.org'? 'TYPE_8': 'TYPE_OTHER'"
]
}
],
"derAttrs": [
{
"schema": "cn",
"values": [
""
]
}
],
"resources": [
"resource-testdb"
],
"relationships": [],
"password": null,
"token": null,
"tokenExpireTime": null,
"lastLoginDate": null,
"changePwdDate": null,
"failedLogins": null,
"securityQuestion": null,
"securityAnswer": null,
"suspended": false,
"mustChangePassword": false,
"memberships": [
{
"groupKey": "f779c0d4-633b-4be5-8f57-32eb478a3ca5",
"groupName": null,
"plainAttrs": [],
"derAttrs": []
}
],
"dynMemberships": [],
"roles": [],
"dynRoles": [],
"linkedAccounts": [],
"delegatingDelegations": [],
"delegatedDelegations": []
}
}
}