Adding an attribute to a User

[tawaren]

I'm trying to add an attribute to a user when running a PersonAuthentication or a DynamicScope interception script. In both cases, it gives an exception: The following code is an excerpt from the PersonAuthentication script (in the method authenticate)

UserService userService = CdiUtil.bean(UserService.class);
User user = userService.getUser(user_name);
user.setAttribute("device-lock", "Just a test for now", false);
userService.updateUser(user);

The last line throws the following exception:
io.jans.orm.exception.EntryPersistenceException: Failed to find entry: 'inum=2e00ee5f-edbd-467d-8bda-58e6052d63c1,ou=people,o=jans'

However, the getUser(...) works fine, and I can even access the user's attributes without problems. Over the TUI I could confirm that the logged-in user has the inum the exception claims not to find.

Do I use the UserService wrong? Or are interception scripts not allowed to add a new attribute to existing users?

[nynymike]

IF this is a new attribute, did you add a column in the User table to support storing this attribute? You also need to register the Attribute in Auth Server (i.e. add attribute metadata, like its datatype and SAML URI). This can be done throught the config API or CLI.

[tawaren]

Thanks. I was confused by the error message and did not consider that the attribute must be added explicitly first, which in hindsight makes sense.

[tawaren]

While everything worked in the end, I wanted to give some feedback about a problem I had at first. At first, I got an error because the column type for the attribute could not be found. The columns are read at startup from the DB and stored in memory. Thus, if a column is added after the authentication server has started, it is not found, and an error occurs. After restarting the authentication server, it works fine.

[ossdhaval]

Hi @tawaren Thank you for your feedback. It means a lot. 🤝

Tagging @yuriyz for his comments on the behavior described above.
Hi Yuriyz,
Do you think there is a possibility that we can fix this and remove the need to restart the auth server? If yes, then let's open an issue. Else let's document it.

[yuriyz]

That's right, AS has to be restarted. It is by design. @ossdhaval would you please mention in docs that restart is required if schema is changed ?

[ossdhaval]

Sure. New issue now attached to this discussion to take care of the documentation.