Hi all, Just thinking aloud here about how passwords are encoded in Syncope. Let's say I have some Users in an SQL backend I want to synchronize into Syncope. I want to 'retrieve passwords' in the Connector, as I want to allow users to call on the 'rest/user/verifyPassword/X.json?password=Y' API, and so I provide an appropriate mapping.
If the passwords are stored in the backend in a hashed format then there is no way of successfully calling the above API from what I can see. The 'Password Cipher Algorithm' String of the Connector only applies to the hashing algorithm used for propagation not for synchronization. PasswordEncoder.verify() will hash the user password according to user.getCipherAlgorithm(), and so it will end up hashing the password twice in this use-case. Does it make sense that if the Connector is configured to hash passwords on the propagation side using a given algorithm, that we can have some internal logic in Syncope that will treat a retrieved password as hashed according to this algorithm? Colm. -- Colm O hEigeartaigh Talend Community Coder http://coders.talend.com
