I am currently proxying artifactory with a secure server that authenticates
users and forwards the username. However, I need to be able to populate the
email addresses as well. I'd also like to be able to create a password
automatically for the accounts at the time of generation by the SSO realm.
Because the password field is empty, users cannot "unlock" their account to
put in their email address or change other details manually. Here is an
example of a user whose account is generated in this way:
<user>
<username>sampleuser</username>
<password></password>
<admin>false</admin>
<enabled>true</enabled>
<updatableProfile>false</updatableProfile>
<accountNonExpired>true</accountNonExpired>
<credentialsNonExpired>true</credentialsNonExpired>
<accountNonLocked>true</accountNonLocked>
<realm>http-sso</realm>
<transientUser>false</transientUser>
<groups>
<userGroup>defaultgroup</userGroup>
</groups>
<lastLoginTimeMillis>0</lastLoginTimeMillis>
<lastAccessTimeMillis>0</lastAccessTimeMillis>
</user>
Ideally, I would forward this information through the proxy, like is done
with the REMOTE_USER variable. It can be assumed that the proxy has access
to the email address and a password.
It would also be acceptable if artifactory could auto-generate an email
using the REMOTE_USER variable or autofill new accounts with a default
password (because it's all secured by the SSO anyway)
Following is my security config descriptor:
<security>
<anonAccessEnabled>false</anonAccessEnabled>
<anonAccessToBuildInfosDisabled>false</anonAccessToBuildInfosDisabled>
<hideUnauthorizedResources>false</hideUnauthorizedResources>
<passwordSettings>
<encryptionPolicy>required</encryptionPolicy>
</passwordSettings>
<ldapSettings/>
<ldapGroupSettings/>
<httpSsoSettings>
<httpSsoProxied>true</httpSsoProxied>
<noAutoUserCreation>false</noAutoUserCreation>
<remoteUserRequestVariable>REMOTE_USER</remoteUserRequestVariable>
</httpSsoSettings>
</security>
Based on the research I've done, it seems like creating a user plugin for my
own realm is the way to go. However, I couldn't find resources on the jfrog
site as far as how to set the password or email address of an account using
the plugin, and I am also unclear on how to make it work with my SSO server
- I work relatively rarely with Java and not at all with Groovy, so please
excuse my ignorance here.
Thank you in advance for any help you can give.
--
View this message in context:
http://forums.jfrog.org/How-to-add-email-password-to-accounts-created-by-HTTP-SSO-authentication-tp7580428.html
Sent from the Artifactory - Users mailing list archive at Nabble.com.
------------------------------------------------------------------------------
_______________________________________________
Artifactory-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/artifactory-users
