[CONF] Apache Syncope > Access Management features

2019-03-07 Thread Francesco Chicchiricco (Confluence)

There's 1 new edit on this page

Access Management features

Francesco Chicchiricco edited this page

Here's what changed:

Features

- 3rd party apps authentication, SSO and authorization:
  - Act as SAML 2.0 Identity Provider; integrate via
    - mod_shib (Apache HTTPd)
    - nginx-http-shibboleth (Nginx)
    - iis7_shib.dll (IIS)
  - Act as OpenID Connect 1.0 Provider, gain certification; integrate via
    - mod_auth_openidc (Apache HTTPd)
    - nginx-openid-connect (Nginx)
    - Microsoft.AspNetCore.Authentication.OpenIdConnect .NET package (IIS)
  - Implement the latest version available of the CAS protocol; integrate via the various CAS clients available:
    - Apache HTTPd
    - Nginx
    - Java
    - .NET
    - PHP
    - Perl
    - Python
    - Ruby
- Standard set of authentication modules, and API to extend / create new ones:
  - JAAS
  - username / password with different back-ends (DBMS, LDAP, ...)
  - TLS client certificate
  - Time-based One-time password
  - SAML 2.0 SP
  - OpenID Connect 1.0 Client
  - RADIUS
  - Kerberos
  - U2F
  - WebAuthn
  - ...
- Authentication chains by combining more authentication modules, similar to Linux's PAM (required, sufficient, requisite, ...)
  - Step-up authentication (e.g. associate level to authentication modules in a chain, and let 3rd party apps require minimum level to access)
  - Multi-factor authentication
- Authorization
  - Access Policies
    - URL-based
    - grant-based (for JWT)
  - Implement XACML 3.0
  - Implement UMA

Components

- (New) Flexible UI for web access
  - dynamically adapting for the configured authentication features (modules, chains, levels, ...)
  - highly customizable, both graphically and in processing
- (NEW) API gateway for REST APIs authentication and authorization
- Core, which will provide additional REST endpoints for Access Management features

References

Projects and products

...

This message was sent by Atlassian Confluence 6.9.0

[CONF] Apache Syncope > [DISCUSS] Syncope 3.0

2019-03-07 Thread Francesco Chicchiricco (Confluence)

There's 2 new edits on this page

[DISCUSS] Syncope 3.0

Francesco Chicchiricco edited this page

Here's what changed:

...

Info

This page contains topics supporting ongoing discussion at d...@syncope.apache.org.

Tracked as SYNCOPE-1410.

Overall architecture

...

- introduce a new, flexible UI for web access (Weblogin), which will replace the existing login forms for Admin Console and Enduser UI - more details
- introduce a new component (APIGW), which will provide API gateway features - more details
- introduce a new component (Keymaster) with the purpose of coordinating all the other components, centralizing common configuration required by all domains; this will allow to go beyond the current multi-tenancy approach which requires a pre-existing Master domain and the need to handle off-line each domain's configuration
- split the existing features set into three subsets, so that any given deployment will pick only what is required:
  - idrepo - everything needed to manage identities as a repository: mainly, CRUD operations on Users, Groups and Any Objects
  - idm - the provisioning features required to propagate, push and pull identities back and forth to External Resources
  - am - the authentication and authorization features - mostly to build on top of existing libraries

[Diagram: Apache Syncope 3.0 Architecture]

New components

Weblogin

Flexible UI for web access

- dynamically adapting for the configured authentication features (modules, chains, levels, ...)
- highly customizable, both graphically and in processing

APIGW

API gateway for REST APIs authentication and authorization

Keymaster

Shall be based on existing Open Source products as Apache ZooKeeper or Consul

Discussion items

- CLI was deliberately not included in the diagram above: since its introduction in 2.0, no usage at all was reported - maintenance cost does not appear worthwhile
- It is hard to imagine how the GUI installer can cope with such complexity; proposal is to remove it as well
- The Eclipse plugin seems also to have no users; proposal is to remove it as well
- Enduser UI is currently implemented as AngularJS + Wicket application - but the AngularJS code appears somehow "disconnected" from the rest, and it has always been quite troublesome to troubleshoot - proposal is to rebuild as a pure Wicket application, maximizing re-use of components already working in Admin Console
- Keymaster shall be based on existing Open Source products as Apache ZooKeeper or Consul
- whilst in 2.1 all applications are built as Java EE, it could be the case to switch to a more microservice-friendly approach: if so, shall we base on
  - Spring Boot
    - PRO
      - easy to migrate (being the current code Spring-based)
      - widely adopted (status quo)
      - can be easily converted to WAR, allowing traditional deployment in existing environments
    - CONS
      - not real microservice, mostly an embedded Tomcat
  - Eclipse MicroProfile
    - PRO
      - promising approach, lot of rumors and buzz around
      - microservice native
    - CONS
      - major rewrite needed in case Spring and / or CXF cannot be re-used
      - different implementations available, not as stable and widespread as their Java EE counterparts
- In previous Syncope versions, an admin can specify an account lockout policy that locks a user out after a number of bad login attempts. The problem is that a malicious user who knows others' usernames for an account could lock users out. We should look into adding an account policy option to instead display a captcha after a number of bad login attempts.

This message was sent by Atlassian Confluence 6.9.0

[CONF] Apache Syncope > [DISCUSS] Syncope 3.0

2019-03-07 Thread Francesco Chicchiricco (Confluence)

There's 1 new edit on this page

[DISCUSS] Syncope 3.0

Francesco Chicchiricco edited this page

Here's what changed:

...

Info

This page contains topics supporting ongoing discussion at d...@syncope.apache.org.

Tracked as SYNCOPE-1410.

Overall architecture

Compared to 2.1, a major architectural refactoring is proposed, with the following objectives: ...

[Diagram: Apache Syncope 3.0 Architecture]

Discussion items

- CLI was deliberately not included in the diagram above: since its introduction in 2.0, no usage at all was reported - maintenance cost does not appear worthwhile
- It is hard to imagine how the GUI installer can cope with such complexity; proposal is to remove it as well
- The Eclipse plugin seems also to have no users; proposal is to remove it as well
- Enduser UI is currently implemented as AngularJS + Wicket application - but the AngularJS code appears somehow "disconnected" from the rest, and it has always been quite troublesome to troubleshoot - proposal is to rebuild as a pure Wicket application, maximizing re-use of components already working in Admin Console
- Keymaster shall be based on existing Open Source products as Apache ZooKeeper or Consul
- whilst in 2.1 all applications are built as Java EE, it could be the case to switch to a more microservice-friendly approach: if so, shall we base on
  - Spring Boot
    - PRO
      - easy to migrate (being the current code Spring-based)
      - widely adopted (status quo)
      - can be easily converted to WAR, allowing traditional deployment in existing environments
    - CONS
      - not real microservice, mostly an embedded Tomcat
  - Eclipse MicroProfile
    - PRO
      - promising approach, lot of rumors and buzz around
      - microservice native
    - CONS
      - major rewrite needed in case Spring and / or CXF cannot be re-used
      - different implementations available, not as stable and widespread as their Java EE counterparts
- In previous Syncope versions, an admin can specify an account lockout policy that locks a user out after a number of bad login attempts. The problem is that a malicious user who knows others' usernames for an account could lock users out. We should look into adding an account policy option to instead display a captcha after a number of bad login attempts.

This message was sent by Atlassian Confluence 6.9.0  
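
The last discussion item above contrasts a hard lockout with a captcha shown after a number of bad login attempts. The following is an added example, not part of the original message and not Syncope code, comparing the two policies for the account owner after someone else has used up the failure budget; `LoginThrottle`, `Policy`, `Outcome` and the sample account are hypothetical.

```java
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
import java.util.function.BiPredicate;

// Added illustration: hypothetical names, not Syncope classes.
public class LoginThrottleDemo {

    enum Policy { LOCKOUT, CAPTCHA }

    enum Outcome { SUCCESS, BAD_CREDENTIALS, LOCKED, CAPTCHA_REQUIRED }

    static final class LoginThrottle {
        private final Policy policy;
        private final int maxFailures;
        private final BiPredicate<String, String> credentialCheck;
        // Consecutive bad attempts per username, reset on a successful login.
        private final Map<String, Integer> failures = new ConcurrentHashMap<>();

        LoginThrottle(Policy policy, int maxFailures,
                      BiPredicate<String, String> credentialCheck) {
            this.policy = policy;
            this.maxFailures = maxFailures;
            this.credentialCheck = credentialCheck;
        }

        Outcome attempt(String username, String password, boolean captchaSolved) {
            int failed = failures.getOrDefault(username, 0);
            if (failed >= maxFailures) {
                if (policy == Policy.LOCKOUT) {
                    // Credentials are not even checked: the owner is shut out
                    // together with whoever caused the failures.
                    return Outcome.LOCKED;
                }
                if (!captchaSolved) {
                    // Automated guessing is slowed down, the account stays usable.
                    return Outcome.CAPTCHA_REQUIRED;
                }
            }
            if (credentialCheck.test(username, password)) {
                failures.remove(username);
                return Outcome.SUCCESS;
            }
            failures.merge(username, 1, Integer::sum);
            return Outcome.BAD_CREDENTIALS;
        }
    }

    public static void main(String[] args) {
        // Constructed sample account; a real back-end would verify a salted password hash.
        Map<String, String> users = Map.of("alice", "correct horse battery staple");
        BiPredicate<String, String> check = (user, pwd) -> pwd.equals(users.get(user));

        for (Policy policy : Policy.values()) {
            LoginThrottle throttle = new LoginThrottle(policy, 3, check);
            // Three bad attempts made by somebody who only knows the username.
            for (int i = 0; i < 3; i++) {
                throttle.attempt("alice", "wrong-" + i, false);
            }
            // The real owner now tries with the right password.
            Outcome withoutCaptcha =
                    throttle.attempt("alice", "correct horse battery staple", false);
            Outcome withCaptcha =
                    throttle.attempt("alice", "correct horse battery staple", true);
            System.out.printf("%-8s owner without captcha: %-16s owner with captcha: %s%n",
                    policy, withoutCaptcha, withCaptcha);
        }
    }
}
```

With the lockout policy the owner is refused even with the right password, while with the captcha policy the owner gets in once the challenge is solved.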
 
[CONF] Apache Syncope > Access Management features

2019-03-07 Thread Francesco Chicchiricco (Confluence)

There's 1 new edit on this page

Access Management features

Francesco Chicchiricco edited this page

Here's what changed:

Features

- 3rd party apps authentication, SSO and authorization:
  - Act as SAML 2.0 Identity Provider; integrate via
    - mod_shib (Apache HTTPd)
    - nginx-http-shibboleth (Nginx)
    - iis7_shib.dll (IIS)
  - Act as OpenID Connect 1.0 Provider, gain certification; integrate via
    - mod_auth_openidc (Apache HTTPd)
    - nginx-openid-connect (Nginx)
    - Microsoft.AspNetCore.Authentication.OpenIdConnect .NET package (IIS)
  - Implement the latest version available of the CAS protocol; integrate via the various CAS clients available:
    - Apache HTTPd
    - Nginx
    - Java
    - .NET
    - PHP
    - Perl
    - Python
    - Ruby
- Standard set of authentication modules, and API to extend / create new ones:
  - JAAS
  - username / password with different back-ends (DBMS, LDAP, ...)
  - TLS client certificate
  - Time-based One-time password
  - SAML 2.0 SP
  - OpenID Connect 1.0 Client
  - RADIUS
  - Kerberos
  - U2F
  - WebAuthn
  - ...
- Authentication chains by combining more authentication modules, similar to Linux's PAM (required, sufficient, requisite, ...)
  - Step-up authentication (e.g. associate level to authentication modules in a chain, and let 3rd party apps require minimum level to access)
  - Multi-factor authentication
- Authorization
  - Access Policies
    - URL-based
    - grant-based (for JWT)
  - Implement XACML 3.0
  - Implement UMA

Components

- (New) Flexible UI for web access
  - dynamically adapting for the configured authentication features (modules, chains, levels, ...)
  - highly customizable, both graphically and in processing
- (NEW) API gateway for REST APIs authentication and authorization
- Core, which will provide additional REST endpoints for Access Management features

References

Projects and products

- OpenSSO / OpenAM
- CAS
- Apache Fortress
- Apache CXF Fediz
- Keycloak

Topics

- Enterprise Single SignOn
- API gateway
- mobile
- Physical Access Management / IoT
- eIDAS
- ...

This message was sent by Atlassian Confluence 6.9.0  
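
The feature list above proposes PAM-like authentication chains with a level attached to each module for step-up authentication. The following is an added example, not part of the original message and not Syncope code, of how such a chain could be evaluated; `Module`, `Control`, `Result`, the numeric level scale and the inclusion of PAM's `optional` flag are assumptions made for illustration.

```java
import java.util.List;
import java.util.Set;

// Added illustration (Java 16+ for records): hypothetical names, not Syncope classes.
public class AuthChainDemo {

    // Control flags with Linux PAM semantics; OPTIONAL is PAM's fourth flag.
    enum Control { REQUIRED, REQUISITE, SUFFICIENT, OPTIONAL }

    // level: assurance proven when the module succeeds (assumed scale, higher is stronger).
    record Module(String name, Control control, int level) { }

    record Result(boolean authenticated, int level) { }

    // 'succeeded' stands in for the outcome of running each module against the
    // credentials presented; the real checks are out of scope here.
    static Result evaluate(List<Module> chain, Set<String> succeeded) {
        boolean requiredFailed = false;
        boolean decisiveSuccess = false;
        int level = 0;
        for (Module module : chain) {
            if (succeeded.contains(module.name())) {
                level = Math.max(level, module.level());
                if (module.control() != Control.OPTIONAL) {
                    decisiveSuccess = true;
                }
                // sufficient: stop here, unless an earlier required module failed.
                // Later (possibly stronger) modules never run, so the level only
                // reflects what has actually been proven so far.
                if (module.control() == Control.SUFFICIENT && !requiredFailed) {
                    return new Result(true, level);
                }
            } else if (module.control() == Control.REQUISITE) {
                // requisite: fail immediately, nothing after it is evaluated.
                return new Result(false, 0);
            } else if (module.control() == Control.REQUIRED) {
                // required: remember the failure but keep running the chain.
                requiredFailed = true;
            }
            // A failed sufficient or optional module is ignored.
        }
        // Conservative choice: optional modules alone never authenticate.
        boolean authenticated = decisiveSuccess && !requiredFailed;
        return new Result(authenticated, authenticated ? level : 0);
    }

    // A 3rd party app grants access only at or above its minimum level.
    static boolean mayAccess(Result result, int minimumLevel) {
        return result.authenticated() && result.level() >= minimumLevel;
    }

    public static void main(String[] args) {
        List<Module> chain = List.of(
                new Module("kerberos", Control.SUFFICIENT, 1),
                new Module("password", Control.REQUISITE, 1),
                new Module("totp", Control.OPTIONAL, 2));

        // Constructed sessions: which modules would accept the user's credentials.
        List<Set<String>> sessions = List.of(
                Set.of("kerberos"),
                Set.of("password"),
                Set.of("password", "totp"),
                Set.of("totp"));

        for (Set<String> session : sessions) {
            Result result = evaluate(chain, session);
            String decision = mayAccess(result, 2) ? "granted"
                    : result.authenticated() ? "step-up required" : "denied";
            System.out.printf("%s -> authenticated=%b level=%d, app needing level 2: %s%n",
                    session, result.authenticated(), result.level(), decision);
        }
    }
}
```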
 
[CONF] Apache Syncope > Fusion

2019-01-21 Thread Francesco Chicchiricco (Confluence)

There's 2 new edits on this page

Fusion

Francesco Chicchiricco edited this page

Here's what changed:

2.1.3 (January 17th, 2019)

Apache Syncope 2.1.3 Fusion is the third maintenance release of Apache Syncope 2.1, with several fixes and improvements.

Upgrade procedure

Upgrading from 2.1.2? There are some notes about this process.

New and noteworthy

Support for PostgreSQL JSONB Data Type

With general purpose of increasing overall performance, and specific target of making Syncope able to scale up to million identities, support for PostgreSQL JSONB data type was introduced.

Performance test results are available.

Configuration options to enable such support are documented in the Reference Guide.

Request Management support in the Enduser UI

Introduced in Syncope 2.1.2, request management is now also available from Enduser UI, enabling end-users to initiate new requests, fill data and check existing requests.

Search Improvements

Various fixes and enhancements finally landed that significantly improve User, Group, Any Object and Task search operations, both in performance and consistency terms; see SYNCOPE-1417, SYNCOPE-1419, SYNCOPE-1412 and SYNCOPE-1424 for details.

After Enduser UI, now also Admin Console is accessible to the visually impaired

Now both Admin Console and Enduser UI implement accessibility features to help usage by the visually impaired.

Issues

Bug

[SYNCOPE-1391] - Check template for confirmPasswordReset and mustChangePassword 
[SYNCOPE-1393] - jexl function fullPath2Dn return invalid value for ROOT realm 
[SYNCOPE-1399] - Error while executing the custom task to initialize indices with Elasticsearch v6.x 
[SYNCOPE-1404] - Dialog not closing in Netbeans ide plugin when creating a new element 
[SYNCOPE-1405] - Error during db initialization: views.xml always set for PostgreSQL 
[SYNCOPE-1406] - Error during startup because of missing property 'historyLevel' 
[SYNCOPE-1407] - Date pattern ignored by widget 
[SYNCOPE-1408] - Partial user edit via Role layout implies removing all unmanaged attributes 
[SYNCOPE-1411] - User/Any object updates generate attributes with null owner in case of patches involving membership attributes 
[SYNCOPE-1417] - Search with order by two plain attributes gives no results 
[SYNCOPE-1419] - User and AnyObject search fails in case of not leaf conditions given on multivalue fields 
[SYNCOPE-1420] - Expired Access Tokens might impede successful authentication 
[SYNCOPE-1425] - Mapping item transformers do not work for non-string values 
...

Upgrade procedure

Upgrading from 2.1.1? There are some notes about this process.

New and noteworthy

Request Management

Request management is a key-feature of Identity Governance and allows to define and manage, in a structured way, whatever process intended to update identity attributes, memberships and relationships. Request examples are "assign mobile phone", "grant groups on AD" or "consent access to application".

...

Upgrade procedure

Upgrading from 2.1.0? There are some notes about this process.

New and noteworthy

Batch

Batch requests allow grouping multiple operations into a single HTTP request payload. A batch request is represented as a Multipart MIME v1.0 message, a standard format allowing the representation of multiple parts, each of which may have a different content type (currently JSON, YAML or XML), within a single request.

...

Tip

Simply put, Syncope 2.1 Fusion is Syncope 2.0 Jazz on steroids.

New and noteworthy

Apache Groovy-based customizations

...

This message was sent by Atlassian Confluence 6.9.0

[CONF] Apache Syncope > Upgrade from 2.1.2 to 2.1.3

2019-01-21 Thread Francesco Chicchiricco (Confluence)

There's 1 new edit on this page

Upgrade from 2.1.2 to 2.1.3

Francesco Chicchiricco edited this page

Here's what changed:

... to core/src/main/resources/provisioning.properties.

Add

entity.factory=org.apache.syncope.core.persistence.jpa.entity.JPAEntityFactory
plainSchema.dao=org.apache.syncope.core.persistence.jpa.dao.JPAPlainSchemaDAO
plainAttr.dao=org.apache.syncope.core.persistence.jpa.dao.JPAPlainAttrDAO
plainAttrValue.dao=org.apache.syncope.core.persistence.jpa.dao.JPAPlainAttrValueDAO
user.dao=org.apache.syncope.core.persistence.jpa.dao.JPAUserDAO
group.dao=org.apache.syncope.core.persistence.jpa.dao.JPAGroupDAO
anyObject.dao=org.apache.syncope.core.persistence.jpa.dao.JPAAnyObjectDAO
conf.dao=org.apache.syncope.core.persistence.jpa.dao.JPAConfDAO
  
 
 
to core/src/main/resources/persistence.properties.

Replace the following files with their 2.1.3 counterparts (if found, re-apply any customization previously made; otherwise, skip):

- under core/src/main/resources:
  - persistenceContext.xml
  - provisioningContext.xml
  - workflowFlowableContext.xml
  - views.xml, depending on the actual DBMS used for internal storage:
    - PostgreSQL
    - SQL Server
    - other
- under core/src/main/resources/META-INF:
  - spring-orm.xml
  - spring-orm-oracle.xml
  - spring-orm-sqlserver.xml
- all files under enduser/src/main/webapp/app

...

This message was sent by Atlassian Confluence 6.9.0

[CONF] Apache Syncope > Upgrade from 2.1.2 to 2.1.3

2019-01-21 Thread Francesco Chicchiricco (Confluence)

There's 1 new edit on this page

Upgrade from 2.1.2 to 2.1.3

Francesco Chicchiricco edited this page

Here's what changed:

 ... 
 
change parent/version from 2.1.2 to 2.1.3 
change properties/syncope.version from 2.1.2 to 2.1.3 
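In core/pom.xml, replace

<dependency>
  <groupId>org.apache.syncope.core</groupId>
  <artifactId>syncope-core-workflow-flowable</artifactId>
  <version>${syncope.version}</version>
</dependency>

with

<dependency>
  <groupId>org.apache.syncope.ext.flowable</groupId>
  <artifactId>syncope-ext-flowable-rest-cxf</artifactId>
  <version>${syncope.version}</version>
</dependency>

In console/pom.xml, add

<dependency>
  <groupId>org.apache.syncope.ext.flowable</groupId>
  <artifactId>syncope-ext-flowable-client-console</artifactId>
  <version>${syncope.version}</version>
</dependency>

as first child of the  element in the all profile; then remove

<dependency>
  <groupId>org.flowable</groupId>
  <artifactId>flowable-ui-modeler-app</artifactId>
  <type>war</type>
  <scope>test</scope>
</dependency>
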
and the whole  element (including children).

Files

In the workflow.properties file enabled with Flowable support (it could be core/src/main/resources/workflow.properties, core/src/main/resources/all/workflow.properties or other, depending on your project setup), replace ... with ...

...

Files

Add

notificationManager=org.apache.syncope.core.provisioning.java.notification.DefaultNotificationManager
auditManager=org.apache.syncope.core.provisioning.java.DefaultAuditManager

to core/src/main/resources/provisioning.properties.

...

flowableModelerDirectory=${flowable-modeler.directory}

and

page.workflow=org.apache.syncope.client.console.pages.Workflow

then add

topology.corePoolSize=10
topology.maxPoolSize=20
topology.queueCapacity=50

Replace the following files with their 2.1.3 counterparts (re-apply any customization previously made):

- core/src/main/resources/restCXFContext.xml
- core/src/main/resources/workflowFlowableContext.xml (if such file is present in your source tree)
- all files under enduser/src/main/webapp/app

Classes

- move all workflow tasks from package org.apache.syncope.core.workflow.flowable.task to package org.apache.syncope.core.flowable.task
- change parent class from AbstractFlowableServiceTask to FlowableServiceTask

Internal Storage

If not using Flowable

Stop the Java EE container running Syncope Core, then execute the following SQL statement:

 DROP VIEW user_search;
ALTER TABLE SyncopeUser DROP COLUMN workflowId;
CREATE VIEW user_search AS SELECT u.id as any_id, u.* FROM SyncopeUser u;

_null_attr;
DROP VIEW group_search;
ALTER TABLE SyncopeGroup DROP COLUMN workflowId;
CREATE VIEW group_search AS SELECT r.id as any_id, r.* FROM SyncopeGroup r;

_null_attr;
DROP VIEW anyObject_search;
ALTER TABLE AnyObject DROP COLUMN workflowId;
CREATE VIEW anyObject_search AS SELECT a.id as any_id, a.* FROM AnyObject a;
  
 
 
Finally start again the Java EE container.

If using Flowable

Stop the Java EE container running Syncope Core, then follow the instructions to download and extract the upgrade tool, then run it by adding the "-flowable-2.1.2" switch to the command line as follows:

./syncopeupgrade.sh org.postgresql.Driver \
 jdbc:postgresql://localhost:5432/syncope syncope syncope postgres \
 -flowable-2.1.2 \
 upgradeFlowable212.sql
  
 
 
Now execute the SQL statements as generated above in the upgradeFlowable212.sql file against the internal storage: in case of errors, apply manual corrections until everything runs clear; consider to restore from the backup taken above if needed, before executing the updated SQL statements again.

Finally start again the Java EE container and watch the log files to check for any error.

User workflow definition

The user workflow must be updated: in the XML definition, replace any occurrence like as follows:

flowable:expression="#{create.execute(execution.processInstanceId)}"
  
 
 
with

flowable:delegateExpression="${create}"
  
 
 
  Once the updated definition is set, stop the Java EE container and verify the actual version on the 

[CONF] Apache Syncope > Jazz

2019-01-21 Thread Francesco Chicchiricco (Confluence)

There's 1 new edit on this page

Jazz

Francesco Chicchiricco edited this page

Here's what changed:

...

Upgrade procedure

Upgrading from 2.0.11? There are some notes about this process.

New and noteworthy

Search Improvements

Various fixes and enhancements finally landed that significantly improve User, Group, Any Object and Task search operations, both in performance and consistency terms; see SYNCOPE-1417, SYNCOPE-1419, SYNCOPE-1412 and SYNCOPE-1424 for details.

After Enduser UI, now also Admin Console is accessible to the visually impaired

Now both Admin Console and Enduser UI implement accessibility features to help usage by the visually impaired.

Issues

Bug

[SYNCOPE-1391] - Check template for confirmPasswordReset and mustChangePassword 
[SYNCOPE-1393] - jexl function fullPath2Dn return invalid value for ROOT realm 
[SYNCOPE-1398] - Console stucks on update with unique key constraint violation 
[SYNCOPE-1405] - Error during db initialization: views.xml always set for PostgreSQL 
[SYNCOPE-1407] - Date pattern ignored by widget 
[SYNCOPE-1408] - Partial user edit via Role layout implies removing all unmanaged attributes 
[SYNCOPE-1411] - User/Any object updates generate attributes with null owner in case of patches involving membership attributes 
[SYNCOPE-1417] - Search with order by two plain attributes gives no results 
[SYNCOPE-1419] - User and AnyObject search fails in case of not leaf conditions given on multivalue fields 
[SYNCOPE-1420] - Expired Access Tokens might impede successful authentication 
[SYNCOPE-1425] - Mapping item transformers do not work for non-string values 
 ... 
 
[SYNCOPE-1394] - Add un-claim capability for requests 
[SYNCOPE-1396] - Give the possibility to configure TLS client parameters 
[SYNCOPE-1409] - Avoid double round-trip to External Resource during Push 
[SYNCOPE-1412] - Search for identities with null attributes can be improved
[SYNCOPE-1416] - remove user_search_null_attr view 
[SYNCOPE-1422] - Permit to provide custom implementation of NotificationManager and AuditManager 
[SYNCOPE-1424] - Improve Propagation task ordered search 
...

Upgrade procedure

Upgrading from 2.0.8? There are some notes about this process.

New and noteworthy

OpenID Connect Client features

...

- CVE-2018-1321
- CVE-2018-1322

New and noteworthy

Admin Console

New language translation available: Japanese.

...

Upgrade procedure

Upgrading from 2.0.6? There are some notes about this process.

New and noteworthy

SCIM 2.0

The SCIM extension is now available, allowing to provision users and groups through the new /scim REST endpoint according to the SCIM (System for Cross-domain Identity Management) 2.0 specifications.

...

Upgrade procedure

Upgrading from 2.0.4? There are some notes about this process.

New and noteworthy

SAML 2.0 Service Provider improvements

...

Upgrade procedure

Upgrading from 2.0.3? There are some notes about this process.

New and noteworthy

Netbeans Plugin

Besides the consolidated Eclipse IDE Plugin, a new plugin is now available for Apache Netbeans, with similar features.

...

Upgrade procedure

Upgrading from 2.0.2? There are some notes about this process.

New and noteworthy

SAML 2.0 Service Provider features

...

This message was sent by Atlassian Confluence 6.9.0

[CONF] Apache Syncope > Upgrade from 2.0.11 to 2.0.12

2019-01-21 Thread Francesco Chicchiricco (Confluence)

There's 1 new edit on this page

Upgrade from 2.0.11 to 2.0.12

Francesco Chicchiricco edited this page

Here's what changed:

 ... 
 
change parent/version from 2.0.11 to 2.0.12 
change properties/syncope.version from 2.0.11 to 2.0.12 

Internal Storage

DROP VIEW user_search_null_attr;
DROP VIEW group_search_null_attr;
DROP VIEW anyObject_search_null_attr;
  
 
 
Files

Add ...

topology.corePoolSize=10
topology.maxPoolSize=20
topology.queueCapacity=50
  
 
 
 ... 
 
 
 
 
notificationManager=org.apache.syncope.core.provisioning.java.notification.DefaultNotificationManager
auditManager=org.apache.syncope.core.provisioning.java.DefaultAuditManager
  
 
 
to core/src/main/resources/provisioning.properties.

Replace the following files with their 2.0.12 counterparts (re-apply any customization previously made):

- core/src/main/resources/restCXFContext.xml
- all files under enduser/src/main/webapp/app

This message was sent by Atlassian Confluence 6.9.0

[CONF] Apache Syncope > Jazz

2019-01-21 Thread Francesco Chicchiricco (Confluence)

There's 1 new edit on this page

Jazz

Francesco Chicchiricco edited this page

Here's what changed:

2.0.12 (January 17th, 2019)

Apache Syncope 2.0.12 Jazz is a maintenance release.

Upgrade procedure

Upgrading from 2.0.11? There are some notes about this process.

Issues

Bug

[SYNCOPE-1391] - Check template for confirmPasswordReset and mustChangePassword 
[SYNCOPE-1393] - jexl function fullPath2Dn return invalid value for ROOT realm 
[SYNCOPE-1398] - Console stucks on update with unique key constraint violation 
[SYNCOPE-1405] - Error during db initialization: views.xml always set for PostgreSQL 
[SYNCOPE-1407] - Date pattern ignored by widget 
[SYNCOPE-1408] - Partial user edit via Role layout implies removing all unmanaged attributes 
[SYNCOPE-1411] - User/Any object updates generate attributes with null owner in case of patches involving membership attributes 
[SYNCOPE-1417] - Search with order by two plain attributes gives no results 
[SYNCOPE-1419] - User and AnyObject search fails in case of not leaf conditions given on multivalue fields 
[SYNCOPE-1420] - Expired Access Tokens might impede successful authentication 
[SYNCOPE-1425] - Mapping item transformers do not work for non-string values 
 ...  
 
 
  
 
 
  
 
 
  
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
[CONF] Apache Syncope > [DISCUSS] Apache Syncope 3.0 Architecture

2019-01-18 Thread Francesco Chicchiricco (Confluence)
There's 1 new edit on this page

[DISCUSS] Apache Syncope 3.0 Architecture

Francesco Chicchiricco edited this page

Here's what changed:
 
 
 
 
 
 
 
 
 
 
 ... 
 
 CLI was deliberately not included in the diagram above: since its introduction in 2.0, no usage at all was reported - maintenance cost does not appear worthwhile 
It is hard to imagine how the GUI installer can cope with such complexity; proposal is to remove it as well 
 IDE plugins (both Eclipse and Netbeans) seem also to have no users; proposal is to remove both  
 Enduser UI is currently implemented as AngularJS + Wicket application - but the AngularJS code appears somehow "disconnected" from the rest, and it has always been quite troublesome to troubleshoot - proposal is to rebuild as a pure Wicket application, maximizing re-use of components already working in Admin Console 
Keymaster shall be based on existing Open Source products such as Apache ZooKeeper or Consul
whilst in 2.1 all applications are built as Java EE, it could be the case to switch to a more microservice-friendly approach: if so, shall we base on 
 
 Spring Boot 
 
PRO 
 
easy to migrate (being the current code Spring-based) 
widely adopted (status quo) 
can be easily converted to WAR, allowing traditional deployment in existing environments 
  
CONS 
 
not real microservice, mostly an embedded Tomcat 
  
  
 Eclipse Microprofile  
 
PRO 
 
promising approach, lot of rumors and buzz around 
microservice native 
  
CONS 
 
major rewrite needed in case Spring and / or CXF cannot be re-used 
different implementations available, not as stable and widespread as their Java EE counterparts 
  
  
  
  
 
 
  
 
 
  
 
 
  
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
[CONF] Apache Syncope > [DISCUSS] Apache Syncope 3.0 Architecture

2018-12-10 Thread Francesco Chicchiricco (Confluence)
There's 1 new edit on this page

[DISCUSS] Apache Syncope 3.0 Architecture

Francesco Chicchiricco edited this page

Here's what changed:
 
 
 
 
 
 
 
 
 
 
 ... 
 
 
 
 Info: This page contains topics supporting ongoing discussion at d...@syncope.apache.org.

 Tracked as SYNCOPE-1410.

 Compared to 2.1, a major architectural refactoring is proposed, with the following objectives: ...
 
 
  
 
 
  
 
 
  
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
[CONF] Apache Syncope > [DISCUSS] Access Management features

2018-12-07 Thread Francesco Chicchiricco (Confluence)
There's 1 new edit on this page

[DISCUSS] Access Management features

Francesco Chicchiricco edited this page

Here's what changed:
 
 
 
 
 
 
 
 
 
 
 ... 
 
3rd party apps authentication, SSO and authorization: 
 
Act as SAML 2.0 Identity Provider; Integrate via 
 
 mod_shib (Apache HTTPd) 
 nginx-http-shibboleth (Nginx) 
 iis7_shib.dll (IIS) 
  
Act as OpenID Connect 1.0 Provider, gain certification; integrate via 
 
 mod_auth_openidc (Apache HTTPd) 
 nginx-openid-connect (Nginx) 
 Microsoft.AspNetCore.Authentication.OpenIdConnect .Net package (IIS) 
  
Implement the latest version available of the CAS protocol; integrate via the various CAS clients available: 
 
Apache HTTPd 
Nginx 
Java 
.NET 
PHP 
Perl 
Python 
Ruby 
  
  
Standard set of authentication modules, and API to extend / create new ones: 
 
 JAAS  
username / password with different back-ends (DBMS, LDAP, ...) 
TLS client certificate 
 Time-based One-time password  
SAML 2.0 SP 
OpenID Connect 1.0 Client 
Radius 
Kerberos 
 U2F  
 WebAuthn  
... 
  
Authentication chains by combining more authentication modules, similar to Linux's PAM (required, sufficient, requisite, ...) 
 
Step-up authentication (e.g. associate level to authentication modules in a chain, and let 3rd party apps require minimum level to access) 
Multi-factor authentication 
  
Authorization 
 
Access Policies 
 
URL-based 
grant-based (for JWT) 
  
Implement XACML 3.0 
 Implement UMA  
  
 Components 
 
(New) Flexible UI for web access 
 
dynamically adapting for the configured authentication features (modules, chains, levels, ...) 
highly customizable, both graphically and in processing
  
(NEW) API gateway for REST APIs authentication and authorization 
Core, which will provide additional REST endpoints for Access Management features 
 ...  
 
 
  
 
 
  
 
 
  
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
[CONF] Apache Syncope > [DISCUSS] Apache Syncope 3.0 Architecture

2018-12-06 Thread Francesco Chicchiricco (Confluence)
There's 1 new comment on this page

[DISCUSS] Apache Syncope 3.0 Architecture

Maxim Thomas

 In Spring Boot standalone app, it is possible to use Undertow instead of Tomcat, seems it shows better performance.

Francesco Chicchiricco

 Thanks for the tip!
 
 
  
 
 
  
 
 

 
 
 
 
 
 
 
 
[CONF] Apache Syncope > [DISCUSS] Access Management features

2018-12-05 Thread Francesco Chicchiricco (Confluence)
There's 2 new edits on this page

[DISCUSS] Access Management features

Francesco Chicchiricco edited this page

Here's what changed:
 
 
 
 
 
 
 
 
 
 
 ... 
 
3rd party apps authentication, SSO and authorization: 
 
Act as SAML 2.0 Identity Provider; Integrate via 
 
 mod_shib (Apache HTTPd) 
 nginx-http-shibboleth (Nginx) 
 iis7_shib.dll (IIS) 
  
Act as OpenID Connect 1.0 Provider, gain certification; integrate via 
 
 mod_auth_openidc (Apache HTTPd) 
 nginx-openid-connect (Nginx) 
 Microsoft.AspNetCore.Authentication.OpenIdConnect .Net package (IIS) 
  
Implement the latest version available of the CAS protocol; integrate via the various CAS clients available: 
 
Apache HTTPd 
Nginx 
Java 
.NET 
PHP 
Perl 
Python 
Ruby 
  
  
Standard set of authentication modules, and API to extend / create new ones: 
 
 JAAS  
username / password with different back-ends (DBMS, LDAP, ...) 
TLS client certificate 
 Time-based One-time password  
SAML 2.0 SP 
OpenID Connect 1.0 Client 
Radius 
 Kerberos  
 U2F  
 WebAuthn  
... 
  
Authentication chains by combining more authentication modules, similar to Linux's PAM (required, sufficient, requisite, ...) 
 
Step-up authentication (e.g. associate level to authentication modules in a chain, and let 3rd party apps require minimum level to access) 
Multi-factor authentication 
  
Authorization 
 
Access Policies 
 
URL-based 
grant-based (for JWT) 
  
Implement XACML 3.0 
  
 ...  
 
 
  
 
 
  
 
 
  
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
[CONF] Apache Syncope > [DISCUSS] Apache Syncope 3.0 Architecture

2018-12-05 Thread Francesco Chicchiricco (Confluence)
There's 1 new edit on this page

[DISCUSS] Apache Syncope 3.0 Architecture

Francesco Chicchiricco edited this page

Here's what changed:
 
 
 
 
 
 
 
 
 
 
 ... 
 
introduce a new, flexible UI for web access (Weblogin), which will

replace the existing login forms for Admin Console and Enduser UI
adapt to the configured Access Management features, i.e.

if a given deployment supports a certain SAML 2.0 IdP or OpenID Connect Provider, then the login form will adapt accordingly
if a given deployment requires MFA, the login form will handle the flow

- see there
introduce a new component (APIGW), which will provide API gateway features - see there
introduce a new component (Keymaster) with purpose of coordinating all the other components, centralizing common configuration required by all domains; this will allow to go beyond the current multi-tenancy approach which requires a pre-existing Master domain and the need to handle off-line each domain's configuration 
split the existing features set into three subsets, so that any given deployment will pick only what required: 
 
 idrepo - everything needed to manage identities as a repository: mainly, CRUD operations on Users, Groups and Any Objects 
 idm - the provisioning features required to propagate, push and pull identities back and forth to External Resources 
 am - the authentication and authorization features - mostly to build on top of existing libraries 
  
 ...  
 
 
  
 
 
  
 
 
  
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
[CONF] Apache Syncope > [DISCUSS] Access Management features

2018-12-05 Thread Francesco Chicchiricco (Confluence)
There's 1 new edit on this page

[DISCUSS] Access Management features

Francesco Chicchiricco edited this page

Here's what changed:
 
 
 
 
 
 
 
 
 
 
 ... 
 
3rd party apps authentication, SSO and authorization: 
 
Act as SAML 2.0 Identity Provider; Integrate via 
 
 mod_shib (Apache HTTPd) 
 nginx-http-shibboleth (Nginx) 
 iis7_shib.dll (IIS) 
  
Act as OpenID Connect 1.0 Provider, gain certification; integrate via 
 
 mod_auth_openidc (Apache HTTPd) 
 nginx-openid-connect (Nginx) 
 Microsoft.AspNetCore.Authentication.OpenIdConnect .Net package (IIS) 
  
Implement the latest version available of the CAS protocol; integrate via the various CAS clients available: 
 
Apache HTTPd 
Nginx 
Java 
.NET 
PHP 
Perl 
Python 
Ruby 
  
  
Standard set of authentication modules, and API to extend / create new ones: 
 
username / password with different back-ends (DBMS, LDAP, ...) 
TLS client certificate 
 Time-based One-time password  
SAML 2.0 SP 
OpenID Connect 1.0 Client 
Radius 
 U2F  
 WebAuthn  
... 
  
Authentication chains by combining more authentication modules, similar to Linux's PAM (required, sufficient, requisite, ...) 
 
Step-up authentication (e.g. associate level to authentication modules in a chain, and let 3rd party apps require minimum level to access) 
Multi-factor authentication 
  
Authorization 
 
Access Policies 
 
URL-based 
grant-based (for JWT) 
  
Implement XACML 3.0 
  
  Components  
 
 (New) Flexible UI for web access 
 
dynamically adapting for the configured authentication features (modules, chains, levels, ...) 
highly customizable, both graphically and in processing
  
 (NEW) API gateway for REST APIs authentication and authorization 
 Core, which will provide additional REST endpoints for Access Management features  
 References
 Projects and products
 ...
 
 
  
 
 
  
 
 
  
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
[CONF] Apache Syncope > [DISCUSS] Access Management features

2018-12-05 Thread Francesco Chicchiricco (Confluence)
There's 1 new edit on this page

[DISCUSS] Access Management features

Francesco Chicchiricco edited this page

Here's what changed:
 
 
 
 
 
 
 
 
 
 
 ... 
 
3rd party apps authentication, SSO and authorization: 
 
Act as SAML 2.0 Identity Provider; Integrate via

 mod_shib (Apache HTTPd)
 nginx-http-shibboleth (Nginx)
 iis7_shib.dll (IIS)

Act as OpenID Connect 1.0 Provider, gain certification; integrate via

 mod_auth_openidc (Apache HTTPd)
 nginx-openid-connect (Nginx)
 Microsoft.AspNetCore.Authentication.OpenIdConnect .Net package (IIS)

Implement the latest version available of the CAS protocol; integrate via the various CAS clients available:

Apache HTTPd
Nginx
Java
.NET
PHP
Perl
Python
Ruby


Standard set of authentication modules, and API to extend / create new ones:

username / password with different back-ends (DBMS, LDAP, ...)
TLS client certificate 
 Time-based One-time password  
SAML 2.0 SP 
OpenID Connect 1.0 Client 
Radius 
 U2F  
 WebAuthn  
... 
  
Authentication chains by combining more authentication modules, similar to Linux's PAM (required, sufficient, requisite, ...) 
 
Step-up authentication (e.g. associate level to authentication modules in a chain, and let 3rd party apps require minimum level to access)  
Multi-factor authentication 
  
 Authorization 
 
 Access Policies 
 
 URL-based  
 grant-based (for JWT)  
  
 Implement XACML 3.0  
  
 Flexible UI for web access 
 
 dynamically adapting for the configured authentication features (modules, chains, levels, ...)  
 highly customizable, both graphically and in processing
  
 API gateway for REST APIs authentication and authorization  
 References
 Projects and products
 ...
 
 
  
 
 
  
 
 
  
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
[CONF] Apache Syncope > [DISCUSS] Access Management features

2018-12-05 Thread Francesco Chicchiricco (Confluence)
There's 1 new edit on this page

[DISCUSS] Access Management features

Francesco Chicchiricco edited this page

Here's what changed:
 
 
 
 
 
 
 
 
 
 
 ... 
 
3rd party apps authentication, SSO and authorization: 
 
Act as SAML 2.0 Identity Provider 
 
Integrate via mod_shib (Apache HTTPd),nginx-http-shibboleth (Nginx), iis7_shib.dll (IIS) 
  
Act as OpenID Connect 1.0 Provider, gain certification 
 
integrate via mod_auth_openidc (Apache HTTPd), nginx-openid-connect (Nginx), Microsoft.AspNetCore.Authentication.OpenIdConnect .Net package (IIS) 
  
Implement the latest version available of the CAS protocol 
 
integrate via the various CAS clients available: Apache HTTPd, Nginx, Java, .NET, PHP, Perl, Python, Ruby 
  
  
Standard set of authentication modules, and API to extend / create new ones: 
 
username / password with different backends (DBMS, LDAP, ...) 
TLS client certificate 
 Time-based One-time password  
SAML 2.0 SP 
OpenID Connect 1.0 Client 
Radius 
 U2F  
 WebAuthn  
  
Authentication chains by combining more authentication modules similar to Linux's PAM (required, sufficient, requisite, ...) 
 
Step-up authentication 
Multi-factor authentication 
  
 ...
 References
 Projects and products

OpenSSO / OpenAM
CAS
Apache Fortress
Apache CXF Fediz
Keycloak
 ...
 Topics
 
Enterprise Single SignOn 
API gateway 
mobile 
Physical Access Management / IoT 
 eIDAS  
 ...  
 
 
  
 
 
  
 
 
  
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
[CONF] Apache Syncope > [DISCUSS] Apache Syncope 3.0 Architecture

2018-12-05 Thread Francesco Chicchiricco (Confluence)
There's 1 new edit on this page

[DISCUSS] Apache Syncope 3.0 Architecture

Francesco Chicchiricco edited this page

Here's what changed:
 
 
 
 
 
 
 
 
 
 
 ... 
 
 CLI was deliberately not included in the diagram above: since its introduction in 2.0, no usage at all was reported - maintenance cost does not appear worthwhile 
 It is hard to imagine how the GUI installer can cope with such complexity; proposal is to remove it as well  
 Enduser UI is currently implemented as AngularJS + Wicket application - but the AngularJS code appears somehow "disconnected" from the rest, and it has always been quite troublesome to troubleshoot - proposal is to rebuild as a pure Wicket application, maximizing re-use of components already working in Admin Console 
Keymaster shall be based on existing Open Source products such as Apache ZooKeeper or Consul
whilst in 2.1 all applications are built as Java EE, it could be the case to switch to a more microservice-friendly approach: if so, shall we base on 
 
 Spring Boot 
 
PRO 
 
easy to migrate (being the current code Spring-based) 
widely adopted (status quo) 
can be easily converted to WAR, allowing traditional deployment in existing environments 
  
CONS 
 
not real microservice, mostly an embedded Tomcat 
  
  
 Eclipse Microprofile  
 
PRO 
 
promising approach, lot of rumors and buzz around 
microservice native 
  
CONS 
 
major rewrite needed in case Spring and / or CXF cannot be re-used 
different implementations available, not as stable and widespread as their Java EE counterparts 
  
  
  
  
 
 
  
 
 
  
 
 
  
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
[CONF] Apache Syncope > [DISCUSS] Access Management features

2018-12-04 Thread Francesco Chicchiricco (Confluence)
There's 1 new edit on this page

[DISCUSS] Access Management features

Francesco Chicchiricco edited this page

Here's what changed:
 
 
 
 
 
 
 
 
 
 
  sources:   Features  
 
 3rd party apps authentication, SSO and authorization:  
 
 Act as SAML 2.0 Identity Provider 
 
 Integrate via mod_shib (Apache HTTPd),nginx-http-shibboleth (Nginx), iis7_shib.dll (IIS)  
  
 Act as OpenID Connect 1.0 Provider, gain certification 
 
 integrate via mod_auth_openidc (Apache HTTPd), nginx-openid-connect (Nginx), Microsoft.AspNetCore.Authentication.OpenIdConnect .Net package (IIS)  
  
 Implement the latest version available of the CAS protocol 
 
 integrate via the various CAS clients available: Apache HTTPd, Nginx, Java, .NET, PHP, Perl, Python, Ruby  
  
  
 Standard set of authentication modules, and API to extend / create new ones: 
 
 username / password with different backends (DBMS, LDAP, ...)  
 TLS client certificate  
 Time-based One-time password  
 SAML 2.0 SP  
 OpenID Connect 1.0 Client  
 Radius  
 U2F  
 WebAuthn  
  
 Authentication chains by combining more authentication modules similar to Linux's PAM (required, sufficient, requisite, ...) 
 
 Step-up authentication  
 Multi-factor authentication  
  
  Reference projects and products  
 
OpenSSO / OpenAM 
CAS 
Apache Fortress 
Apache CXF Fediz 
Keycloak
  Reference topics  ...  
 
Enterprise Single SignOn 
API gateway 
mobile 
Physical Access Management / IoT 
 eIDAS  
 ...  
 
 
  
 
 
  
 
 
  
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
[CONF] Apache Syncope > [DISCUSS] Apache Syncope 3.0 Architecture

2018-12-04 Thread Francesco Chicchiricco (Confluence)
There's 1 new comment on this page

[DISCUSS] Apache Syncope 3.0 Architecture

Francesco Chicchiricco
 
 
  
 
 

 
 
 
 
 
 
 
 
 A good candidate for APIGW could be built on top of Spring Cloud Gateway. For Keymaster, Apache ZooKeeper could be managed via Spring Cloud Zookeeper.
 
 
  
 
 
  
 
 

 
 
 
 
 
 
 
 
[CONF] Apache Syncope > [DISCUSS] Apache Syncope 3.0 Architecture

2018-12-04 Thread Francesco Chicchiricco (Confluence)
There's 1 new comment on this page

[DISCUSS] Apache Syncope 3.0 Architecture

Francesco Chicchiricco
 
 
  
 
 

 
 
 
 
 
 
 
 
 I have spent some time experimenting with Microprofile (as I have already quite some experience with Spring Boot), and built a Hello World application with Apache TomEE, Thorntail (former Wildfly Swarm) and Payara Micro. After doing some code and reading a few blog posts, my opinion is that we should better go with Spring Boot, for the following reasons:
 
migration of existing code will be easier (Spring → Spring, rather than Spring → CDI) 
Spring Boot can generate fat JARs (for standalone deployment) and plain WARs (for traditional deployment), I haven't found any way to do the same with Microprofile; this is important because we need to preserve the possibility to deploy Apache Syncope 3.0 either as a Java EE application and a microservice 
while at the moment we keep using Apache CXF and Apache OpenJPA even when deploying to Wildfly or Payara Micro, doing the same is not possible with their Microprofile counterparts, as the code will abstract from the concrete implementations 
  
 
 
  
 
 
  
 
 

 
 
 
 
 
 
 
 
[CONF] Apache Syncope > [DISCUSS] Apache Syncope 3.0 Architecture

2018-12-03 Thread Francesco Chicchiricco (Confluence)
There's 1 new edit on this page

[DISCUSS] Apache Syncope 3.0 Architecture

Francesco Chicchiricco edited this page

Here's what changed:
 
 
 
 
 
 
 
 
 
 

 
 
 
 Info: This page contains topics supporting ongoing discussion at d...@syncope.apache.org.

 Compared to 2.1, a major architectural refactoring is proposed, with the following objectives: ...
 
 
  
 
 
  
 
 
  
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
[CONF] Apache Syncope > [DISCUSS] Apache Syncope 3.0 Architecture

2018-12-03 Thread Francesco Chicchiricco (Confluence)
There's 1 new edit on this page

[DISCUSS] Apache Syncope 3.0 Architecture

Francesco Chicchiricco edited this page

Here's what changed:
 
 
 
 
 
 
 
 
 
 
 ... 
 
introduce a new, flexible UI for web access (Weblogin), which will 
 
replace the existing login forms for Admin Console and Enduser UI 
adapt to the configured Access Management features, i.e. 
 
if a given deployment supports a certain SAML 2.0 IdP or OpenID Connect Provider, then the login form will adapt accordingly 
if a given deployment requires MFA, the login form will handle the flow 
  
  
introduce a new component (APIGW), which will provide API gateway features 
introduce a new component (Keymaster) with purpose of coordinating all the other components, centralizing common configuration required by all domains; this will allow to go beyond the current multi-tenancy approach which requires a pre-existing Master domain and the need to handle off-line each domain's configuration 
split the existing features set into three subsets, so that any given deployment will pick only what required: 
 
 idrepo - everything needed to manage identities as a repository: mainly, CRUD operations on Users, Groups and Any Objects 
 idm - the provisioning features required to propagate, push and pull identities back and forth to External Resources 
 am - the authentication and authorization features - mostly to build on top of existing libraries 
  
  
 
 
 
 [Diagram: Apache Syncope 3.0 Architecture]
 
 
  
 
 
   Discussion items  
 
 CLI was deliberately not included in the diagram above: since its introduction in 2.0, no usage at all was reported - maintenance cost does not appear worthwhile  
 Enduser UI is currently implemented as AngularJS + Wicket application - but the AngularJS code appears somehow "disconnected" from the rest, and it has always been quite troublesome to troubleshoot - proposal is to rebuild as a pure Wicket application, maximizing re-use of components already working in Admin Console  
 Keymaster shall be based on existing Open Source products such as Apache ZooKeeper or Consul
 whilst in 2.1 all applications are built as Java EE, it could be the case to switch to a more microservice-friendly approach: if so, shall we base on 
 
 Spring Boot 
 
 PRO 
 
 easy to migrate (being the current code Spring-based)  
 widely adopted (status quo)  
 can be easily converted to WAR, allowing traditional deployment in existing environments  
  
 CONS 
 
 not real microservice, mostly an embedded Tomcat  
  
  
 Eclipse Microprofile  
 
 PRO 
 
 promising approach, lot of rumors and buzz around  
 microservice native  
  
 CONS 
 
 major rewrite needed in case Spring and / or CXF cannot be re-used  
 different implementations available, not as stable and widespread as their Java EE counterparts  
  
  
  
  
 
 
  
 
 
  
 
 
  
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
[CONF] Apache Syncope > [DISCUSS] Apache Syncope 3.0 Architecture

2018-12-03 Thread Francesco Chicchiricco (Confluence)
There's 1 new edit on this page

[DISCUSS] Apache Syncope 3.0 Architecture

Francesco Chicchiricco edited this page

Here's what changed:
 
 
 
 
 
 
 
 
 
 
...

introduce a new, flexible UI for web access (Weblogin), which will
    replace the existing login forms for Admin Console and Enduser UI
    adapt to the configured Access Management features, i.e.
        if a given deployment supports a certain SAML 2.0 IdP or OpenID Connect Provider, then the login form will adapt accordingly
        if a given deployment requires MFA, the login form will handle the flow
introduce a new component (APIGW), which will provide API gateway features
introduce a new component (Keymaster) with the purpose of coordinating all the other components, centralizing common configuration required by all domains; this will make it possible to go beyond the current multi-tenancy approach, which requires a pre-existing Master domain and the need to handle each domain's configuration off-line
split the existing feature set into three subsets, so that any given deployment will pick only what is required:
    idrepo - everything needed to manage identities as a repository: mainly, CRUD operations on Users, Groups and Any Objects
    idm - the provisioning features required to propagate, push and pull identities back and forth to External Resources
    am - the authentication and authorization features - mostly to build on top of existing libraries

[Drawio diagram: Apache Syncope 3.0 Architecture]





[CONF] Apache Syncope > [DISCUSS] Apache Syncope 3.0 Architecture

2018-12-03 Thread Francesco Chicchiricco (Confluence)

Here's what changed:

Compared to 2.1, a major architectural refactoring is proposed, with the following objectives:

introduce a new, flexible UI for web access (Weblogin), which will
    replace the existing login forms for Admin Console and Enduser UI
    adapt to the configured Access Management features, i.e.
        if a given deployment supports a certain SAML 2.0 IdP or OpenID Connect Provider, then the login form will adapt accordingly
        if a given deployment requires MFA, the login form will handle the flow
introduce a new component (Keymaster) with the purpose of coordinating all the other components, centralizing common configuration required by all domains; this will make it possible to go beyond the current multi-tenancy approach, which requires a pre-existing Master domain and the need to handle each domain's configuration off-line
split the feature set into three subsets, so that any given deployment will pick only what is required:
    idrepo - everything needed to manage identities as a repository: mainly, CRUD operations on Users, Groups and Any Objects
    idm - the provisioning features required to propagate, push and pull identities back and forth to External Resources
    am - the authentication and authorization features - mostly to build on top of existing libraries

[Drawio diagram: Apache Syncope 3.0 Architecture]





[CONF] Apache Syncope > Roadmap

2018-12-03 Thread Francesco Chicchiricco (Confluence)

Here's what changed:

...

2.1.0 (Fusion)

Issues

See updated list on project's JIRA.

[SYNCOPE-129] Delegation
[SYNCOPE-152] Support SCIM REST API
[SYNCOPE-534] OAuth 2.0 Service Provider
[SYNCOPE-699] Apache Shiro integration
[SYNCOPE-956] Allow for scripted customizations
[SYNCOPE-957] Multiaccount

3.0.0 (Maggiore)

Issues

See updated list on project's JIRA.

[SYNCOPE-161] Pluggable authentication modules
[SYNCOPE-162] PDC-based authentication
[SYNCOPE-163] Authentication chain
[SYNCOPE-165] One-time password
[SYNCOPE-167] Resource access policies
[SYNCOPE-957] Multiaccount
[SYNCOPE-129] Delegation
[SYNCOPE-534] OAuth 2.0 Service Provider

4.0.0 (Notturno)

Issues

See updated list on project's JIRA.

...





[CONF] Apache Syncope > Upgrade from 2.1.1 to 2.1.2

2018-11-06 Thread Francesco Chicchiricco (Confluence)

Here's what changed:

...

Replace the following files with their 2.1.2 counterparts (re-apply any customization previously made):

    core/src/main/resources/restCXFContext.xml
    core/src/main/resources/workflowFlowableContext.xml (if such file is present in your source tree)
    all files under enduser/src/main/webapp/app

...





[CONF] Apache Syncope > Fusion

2018-11-06 Thread Francesco Chicchiricco (Confluence)

Here's what changed:

...

Upgrade procedure

Upgrading from 2.1.1? There are some notes about this process.

New and noteworthy

TODO

Request Management

Request management is a key feature of Identity Governance and allows defining and managing, in a structured way, any process intended to update identity attributes, memberships and relationships.

Request examples are "assign mobile phone", "grant groups on AD" or "consent access to application".

Users can initiate whichever request among the ones defined; once initiated, such requests will follow their own path, which might also include one or more approval steps.

More details in the Reference Guide.

Enduser UI improvements

Dynamic Templating
    a simple and fast way to customize structure and style of the whole application - read more in the Reference Guide.
Accessibility
    Enduser UI is now accessible to the visually impaired - read more in the Reference Guide.

Netbeans IDE Plugin: support for Groovy implementations

As a successful completion of Google Summer of Code 2018, a student contribution was made to enable the Netbeans IDE Plugin to remotely manage Groovy implementations.

Issues

Bug

[SYNCOPE-1360] - Delegated administration to Dynamic Realms not possible
[SYNCOPE-1361] - Custom audit appender does not work after a restart
[SYNCOPE-1362] - Sorting users by creation date raises RuntimeException
[SYNCOPE-1363] - Deleting multiple users at once reports "Operation delete not supported"
[SYNCOPE-1364] - Upgrade tool from 2.0 script error
[SYNCOPE-1365] - Error during retrieve candidate groups for approval process
[SYNCOPE-1366] - Audit events ownership always set to admin user
[SYNCOPE-1370] - Password reset succeeds also on wrong captcha
[SYNCOPE-1371] - After upgrade from 2.0, error when updating Realm: ClassCastException: Expected LOGIC_ACTIONS, got PULL_ACTIONS
[SYNCOPE-1372] - Password history checks not effective
[SYNCOPE-1373] - Custom task schedule is reset after update
[SYNCOPE-1374] - Concurrent propagation tasks for non-Master domains not saved
[SYNCOPE-1375] - The existence of a membership attribute mapping implies membership creation during pull
[SYNCOPE-1376] - swagger-ui server URL incorrect behind ssl reverse proxy
[SYNCOPE-1377] - Wrong X-Syncope-Domain header does not throw an error
[SYNCOPE-1380] - During Push or Pull, if policy with conflict resolution IGNORE is set, the process is interrupted as soon as such setting applies
[SYNCOPE-1383] - Exception during "getObject" from external resource
[SYNCOPE-1387] - ClassCast exception when pull realms
[SYNCOPE-1388] - mustChangePassword flag does not prevent user from invoking actions
[SYNCOPE-1389] - In case of virtual attribute mapping, propagation is always set as UPDATE also in case of CREATE
[SYNCOPE-1390] - Pull Realms: pull task with Unmatching Rules: PROVISION shouldn't create propagation task

...

[SYNCOPE-962] - Upgrade to Wicket 7.5.0
[SYNCOPE-1080] - Update swagger-jaxrs dependency to 1.5.13
[SYNCOPE-1204] - Upgrade Migration code and guide
[SYNCOPE-1208] - Migrate to JUnit 5
[SYNCOPE-1262] - Upgrade to Swagger UI 3.0
[SYNCOPE-1327] - Enable build with Java 10

a simple and fast way to customize structure and style of the whole Enduser





[CONF] Apache Syncope > Upgrade from 2.0.10 to 2.0.11

2018-11-05 Thread Francesco Chicchiricco (Confluence)

Here's what changed:

...

change parent/version from 2.0.10 to 2.0.11
change properties/syncope.version from 2.0.10 to 2.0.11

Files

Add

topology.corePoolSize=10
topology.maxPoolSize=20
topology.queueCapacity=50

to console/src/main/resources/console.properties.

Replace the following files with their 2.0.11 counterparts (re-apply any customization previously made):

    core/src/main/resources/restCXFContext.xml
    all files under enduser/src/main/webapp/app





[CONF] Apache Syncope > Git workflow

2018-10-31 Thread Francesco Chicchiricco (Confluence)

Here's what changed:

...

cd syncope
git remote add syncope https://github.com/apache/syncope.git

or

cd syncope
git remote add syncope g...@github.com:apache/syncope.git

...





[CONF] Apache Syncope > Git workflow

2018-10-31 Thread Francesco Chicchiricco (Confluence)

Here's what changed:

...

cd syncope
git remote add syncope https://gitbox.apache.org/repos/asf/syncope.git

or

cd syncope
git remote add syncope g...@github.com:apache/syncope.git

Create the feature branch ...





[CONF] Apache Syncope > Fusion

2018-08-20 Thread Francesco Chicchiricco (Confluence)

Here's what changed:

2.1.1 (August 17th, 2018)

...

Apache Syncope 2.1.1 Fusion is the first maintenance release of Apache Syncope 2.1: besides several fixes, it introduces Batch requests.

Upgrade procedure

Upgrading from 2.1.0? There are some notes about this process.

New and noteworthy

Batch

Batch requests allow grouping multiple operations into a single HTTP request payload.

A batch request is represented as a Multipart MIME v1.0 message, a standard format allowing the representation of multiple parts, each of which may have a different content type (currently JSON, YAML or XML), within a single request.

More details in the Reference Guide.

Issues

Bug

[SYNCOPE-1331] - ExternalResourcePropagationAction is too long name for a table in Oracle DB
[SYNCOPE-1333] - Missing virtual attribute value in case of type extension
[SYNCOPE-1334] - Maven install problem with Apache Syncope 2.1.0
[SYNCOPE-1335] - Missing SQL statements when upgrading from 2.0 Jazz
[SYNCOPE-1337] - Password history policy is not enforced on salted passwords
[SYNCOPE-1338] - Double type conversion applied during pull leads to errors
[SYNCOPE-1339] - Enduser spinner does not apply to the whole page
[SYNCOPE-1340] - Cannot update membership attribute
[SYNCOPE-1342] - console UI login form ignores Domain selection
[SYNCOPE-1343] - Attributes are not reset after pull of null values
[SYNCOPE-1344] - CORE_SCHEME not being updated in enduser.properties
[SYNCOPE-1346] - Adding a new task while re-executing a propagation task
[SYNCOPE-1347] - Invocation Problem calling org.apache.syncope.installer.processes.ArchetypeProcess
[SYNCOPE-1350] - Date values not formatted according to the conversion pattern
[SYNCOPE-1352] - Group wizard doesn't update the plain attributes
[SYNCOPE-1353] - DBPasswordPropagationActions link in the reference guide is wrong
[SYNCOPE-1354] - Push Tasks do not send status onto External Resources
[SYNCOPE-1356] - LDAPMembershipPullActions does not remove memberships
[SYNCOPE-1357] - MemoryVirAttrCache not working
[SYNCOPE-1358] - Search by boolean value does not work from Admin Console

...

Simply put, Syncope 2.1 Fusion is Syncope 2.0 Jazz on steroids.

New and noteworthy

Apache Groovy-based customizations

...





[CONF] Apache Syncope > Upgrade from 2.1.0 to 2.1.1

2018-08-20 Thread Francesco Chicchiricco (Confluence)

Here's what changed:

...

change parent/version from 2.1.0 to 2.1.1
change properties/syncope.version from 2.1.0 to 2.1.1

Files

Add

jwsAlgorithm=HS512

to core/src/main/resources/security.properties.

Replace the following files with their 2.0.10 counterparts (re-apply any customization previously made):

...
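
The `jwsAlgorithm=HS512` setting above selects an HMAC-based JWS signature, and RFC 7518 section 3.2 requires the HMAC key to be at least as long as the hash output (64 bytes for HS512). The check below is an added example, not part of the original page or of Syncope's own code; the `jwsKey` property name, the sample property files and the key values are assumptions constructed for illustration.

```python
"""Check that an HMAC JWS key is long enough for the configured jwsAlgorithm."""

# Minimum HMAC key sizes in bytes (RFC 7518 section 3.2): the key must be at
# least as long as the hash output of the chosen algorithm.
MIN_KEY_BYTES = {"HS256": 32, "HS384": 48, "HS512": 64}

# Constructed sample key material (32 characters), not a real secret.
_SAMPLE_KEY_32 = "abcdefghijklmnopqrstuvwxyz012345"

# Constructed sample: algorithm and key sized consistently (64-byte key).
GOOD_PROPERTIES = (
    "# constructed sample security.properties\n"
    "jwsAlgorithm=HS512\n"
    "jwsKey=" + _SAMPLE_KEY_32 * 2 + "\n"
)

# Constructed sample: jwsAlgorithm added during an upgrade, key left at 32 bytes.
SHORT_KEY_PROPERTIES = (
    "# constructed sample security.properties\n"
    "jwsAlgorithm=HS512\n"
    "jwsKey=" + _SAMPLE_KEY_32 + "\n"
)


def parse_properties(text):
    """Parse simple Java .properties text (no line continuations or escapes)."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!":
            continue  # blank line or comment
        # The first '=' or ':' separates the key from the value.
        positions = [i for i in (line.find("="), line.find(":")) if i != -1]
        if not positions:
            props[line] = ""
            continue
        cut = min(positions)
        props[line[:cut].strip()] = line[cut + 1:].strip()
    return props


def check_jws_settings(text, key_property="jwsKey"):
    """Return a list of findings; an empty list means the settings pass.

    key_property is an assumed property name; the key is measured as the
    UTF-8 bytes of the configured string, which is also an assumption.
    """
    props = parse_properties(text)
    alg = props.get("jwsAlgorithm")
    if alg is None:
        return ["jwsAlgorithm is not set"]
    if alg not in MIN_KEY_BYTES:
        # Only the HMAC family is sized here; other algorithms need their own review.
        return ["jwsAlgorithm=%s is not an HMAC algorithm covered by this check" % alg]

    findings = []
    key = props.get(key_property, "")
    key_len = len(key.encode("utf-8"))
    needed = MIN_KEY_BYTES[alg]
    if key_len < needed:
        findings.append(
            "%s needs a key of at least %d bytes, found %d" % (alg, needed, key_len)
        )
    if key and len(set(key)) < 8:
        findings.append("key has fewer than 8 distinct characters")
    return findings


if __name__ == "__main__":
    for name, sample in (("good", GOOD_PROPERTIES), ("short key", SHORT_KEY_PROPERTIES)):
        print(name, "->", check_jws_settings(sample) or "OK")
```
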
 
 
  
 
 
  
 
 
  
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 




[CONF] Apache Syncope > Jazz

2018-08-20 Thread Francesco Chicchiricco (Confluence)

Here's what changed:

2.0.10 (August 17th, 2018)

...

Apache Syncope 2.0.10 Jazz is a maintenance release.

Upgrade procedure

Upgrading from 2.0.9? There are some notes about this process.

Issues

Bug

[SYNCOPE-1333] - Missing virtual attribute value in case of type extension
[SYNCOPE-1337] - Password history policy is not enforced on salted passwords
[SYNCOPE-1338] - Double type conversion applied during pull leads to errors
[SYNCOPE-1339] - Enduser spinner does not apply to the whole page
[SYNCOPE-1340] - Cannot update membership attribute
[SYNCOPE-1343] - Attributes are not reset after pull of null values
[SYNCOPE-1344] - CORE_SCHEME not being updated in enduser.properties
[SYNCOPE-1346] - Adding a new task while re-executing a propagation task
[SYNCOPE-1347] - Invocation Problem calling org.apache.syncope.installer.processes.ArchetypeProcess
[SYNCOPE-1350] - Date values not formatted according to the conversion pattern
[SYNCOPE-1352] - Group wizard doesn't update the plain attributes
[SYNCOPE-1353] - DBPasswordPropagationActions link in the reference guide is wrong
[SYNCOPE-1354] - Push Tasks do not send status onto External Resources
[SYNCOPE-1356] - LDAPMembershipPullActions does not remove memberships
[SYNCOPE-1357] - MemoryVirAttrCache not working
[SYNCOPE-1358] - Search by boolean value does not work from Admin Console

...





[CONF] Apache Syncope > Upgrade from 2.0.8 to 2.0.9

2018-07-06 Thread Francesco Chicchiricco (Confluence)

Here's the version comment

Francesco Chicchiricco edited at 01:39 PM

Reverted from v. 3

Here's what changed:

Source changes

POM

In the root pom.xml:

    change parent/version from 2.0.8 to 2.0.9
    change properties/syncope.version from 2.0.8 to 2.0.9

In console/src/main/webapp/WEB-INF/web.xml:

add:

<context-param>
  <param-name>oidcclient.login.success.url</param-name>
  <param-value>../wicket/bookmarkable/org.apache.syncope.client.console.pages.OIDCClientLogin</param-value>
</context-param>
<context-param>
  <param-name>oidcclient.login.error.url</param-name>
  <param-value>../wicket/bookmarkable/org.apache.syncope.client.console.pages.Login</param-value>
</context-param>

<context-param>
  <param-name>oidcclient.logout.success.url</param-name>
  <param-value>../wicket/bookmarkable/org.apache.syncope.client.console.pages.OIDCClientLogout</param-value>
</context-param>
<context-param>
  <param-name>oidcclient.logout.error.url</param-name>
  <param-value>../wicket/bookmarkable/org.apache.syncope.client.console.pages.Login</param-value>
</context-param>

<context-param>
  <param-name>oidcclient.redirect.selfreg</param-name>
  <param-value>../wicket/bookmarkable/org.apache.syncope.client.console.pages.OIDCClientSelfReg</param-value>
</context-param>

In enduser/src/main/webapp/WEB-INF/web.xml:

add:

<context-param>
  <param-name>oidcclient.login.success.url</param-name>
  <param-value>../wicket/bookmarkable/org.apache.syncope.client.enduser.pages.OIDCClientLogin</param-value>
</context-param>
<context-param>
  <param-name>oidcclient.login.error.url</param-name>
  <param-value>../wicket/bookmarkable/org.apache.syncope.client.enduser.pages.HomePage</param-value>
</context-param>

<context-param>
  <param-name>oidcclient.logout.success.url</param-name>
  <param-value>../wicket/bookmarkable/org.apache.syncope.client.enduser.pages.OIDCClientLogout</param-value>
</context-param>
<context-param>
  <param-name>oidcclient.logout.error.url</param-name>
  <param-value>../wicket/bookmarkable/org.apache.syncope.client.enduser.pages.HomePage</param-value>
</context-param>

<context-param>
  <param-name>oidcclient.redirect.selfreg</param-name>
  <param-value>../wicket/bookmarkable/org.apache.syncope.client.enduser.pages.OIDCClientSelfReg</param-value>
</context-param>

Files

Replace the following files with their 2.0.9 counterparts (re-apply any customization previously made):

    core/src/main/resources/views.xml (if using PostgreSQL)
    all files under enduser/src/main/webapp/app/





[CONF] Apache Syncope > Upgrade from 2.0.7 to 2.0.8

2018-03-19 Thread Francesco Chicchiricco (Confluence)

Francesco Chicchiricco edited a page

...

Source changes

POM

In the root pom.xml:

    change parent/version from 2.0.7 to 2.0.8
    change properties/syncope.version from 2.0.7 to 2.0.8

Other

Files

If the file is available in your local sources, replace the following file with its 2.0.8 counterpart (re-apply any customization previously made):

    core/src/main/resources/restCXFContext.xml

For Enduser UI, replace the following files with their 2.0.8 counterparts (re-apply any customization previously made):

    enduser/src/main/webapp/app/index.html
    enduser/src/main/webapp/app/js/app.js
    all files under enduser/src/main/webapp/app/languages
    enduser/src/main/webapp/app/views/self.html

Other

The configuration parameter tasks.interruptMaxRetries is not needed anymore: you can delete it either:

    from Admin Console, under Configuration > Parameters
    via REST with

DELETE http://host:port/syncope/rest/configurations/tasks.interruptMaxRetries

This message was sent by Atlassian Confluence 5.8.17  
 
 
  
 
 
 
 
 
 
 
 
 




[CONF] Apache Syncope > Upgrade from 1.2.10 to 1.2.11

2018-03-19 Thread Francesco Chicchiricco (Confluence)

Francesco Chicchiricco edited a page

...

change parent/version from 1.2.10 to 1.2.11
change properties/syncope.version from 1.2.10 to 1.2.11

Other

SYNCOPE-1103

Replace the following files with their 1.2.11 counterparts:

    core/src/main/resources/schedulingContext.xml
    core/src/main/resources/persistence.properties





[CONF] Apache Syncope > Upgrade from 1.2.10 to 1.2.11

2018-03-19 Thread Francesco Chicchiricco (Confluence)

Francesco Chicchiricco edited a page

POM

In the root pom.xml:

    change parent/version from 1.2.10 to 1.2.11
    change properties/syncope.version from 1.2.10 to 1.2.11

...





[CONF] Apache Syncope > Intermezzo

2018-03-19 Thread Francesco Chicchiricco (Confluence)

Francesco Chicchiricco edited a page

1.2.11 (March 13th, 2018)

Upgrading from 1.2.10? There are some notes about this.

Bug

[SYNCOPE-1070] - Conversion pattern ignored for date, long and double values during propagation
[SYNCOPE-1102] - Unique attribute update inserts additional value
[SYNCOPE-1128] - Content exporter does not sort for internal foreign keys
[SYNCOPE-1168] - Encryptor pads short secret keys with "0" instead of random characters
[SYNCOPE-1210] - Random password generation fails for push tasks

Improvement

[SYNCOPE-1083] - ConnInstance location is not normalized
[SYNCOPE-1086] - Avoid to read whole entities to check ETag
[SYNCOPE-1087] - Avoid to read input entities if no notification or audit are requested
[SYNCOPE-1103] - Option to disable Quartz instances across cluster

1.2.10 (January 24th, 2017)

Upgrading from 1.2.9? There are some notes about this.

Bug

[SYNCOPE-963] - Various content upgrade "edge case" failures
[SYNCOPE-965] - Cron expression for scheduled job is not saved from the console
[SYNCOPE-973] - NotFound error returned by user create under high load
[SYNCOPE-975] - Search case insensitive ilike operator triggers search validation
[SYNCOPE-976] - Duplicated events shown by admin console for notifications and audit
[SYNCOPE-999] - REST exception mapper overwrites Spring Security response

Improvement

[SYNCOPE-971] - Case insensitive search
[SYNCOPE-983] - Search performance improvement with mandatory schemas only

...

Upgrading from 1.2.8? There are some notes about this.

Bug

[SYNCOPE-876] - Fake after object reported by propagation in case of delete
[SYNCOPE-923] - Sync / Pull task not configured for delete causes incremental sync to prematurely stop
[SYNCOPE-928] - Table that stores user passwords store duplicate entries
[SYNCOPE-929] - Braces are ignored for FIQL strings
[SYNCOPE-936] - Sync token reset to NULL when no SyncDelta items are available
[SYNCOPE-939] - Password history not checked when user changes password
[SYNCOPE-943] - Security question gets deleted when changing a user attribute in the console
[SYNCOPE-954] - Wicket exception when running an enable or disable action

Improvement

[SYNCOPE-877] - Better handling of not found exception logged at global policy retrieval time
[SYNCOPE-949] - Leave WebApplicationException to default processing

...

Upgrading from 1.2.7? There are some notes about this.

Bug

[SYNCOPE-768] - Missing records in case of user list ordered by nullable schema
[SYNCOPE-769] - Sync performance decrease
[SYNCOPE-800] - Synchronization fails in case of accountId mapped on derived attribute starting with literal
[SYNCOPE-840] - REST API doc url breaks without trailing slash

Improvement

[SYNCOPE-767] - Password Policy: mustn't contain value of the following attributes case insensitive
[SYNCOPE-804] - Support the explanation of the Connector Configuration properties
[SYNCOPE-815] - Configure standalone to log under $CATALINA_HOME/logs
[SYNCOPE-855] - Synchronization token management enhancement in case of errors
[SYNCOPE-858] - Ensure afterObject is provided after propagation

...

Upgrading from 1.2.6? There are some notes about this.

Bug

[SYNCOPE-729] - Skipped remote update during resource assignment if connector CREATE capability is not provided
[SYNCOPE-735] - Activiti history tables uncontrolled growth
[SYNCOPE-739] - Virtual attributes are not updated after a sync task
[SYNCOPE-741] - Tasks page unusable when a task has thousand executions

Improvement

[SYNCOPE-748] - Selectively delete task and report executions
[SYNCOPE-751] - Preview for PDF binary values

1.2.6 (November 5th, 2015)

Bug

[SYNCOPE-686] - Indirect LDAP resource provisioning fails on missing password
[SYNCOPE-691] - Multivalue virtual attribute does not work
[SYNCOPE-702] - Documentation issue on Architecture section
[SYNCOPE-707] - ConfigurationLogic doesn't check the existence of key during deletion.
[SYNCOPE-710] - Password propagation not occurring if other updates are set on different resources
[SYNCOPE-712] - Error while searching roles by parent
[SYNCOPE-716] - Cannot specify conversion pattern during schema creation
[SYNCOPE-717] - Inconsistent double attribute value management

Improvement

[SYNCOPE-708] - Conform the Logger "service stack" to others

...

Upgrading from 1.2.4? There are some notes about this.

Bug

[SYNCOPE-668] - JobInstanceLoader class is not able to return the correct Task id or Report id from its job name
[SYNCOPE-669] - Search filter in the notifications doesn't work properly
[SYNCOPE-670] - Propagation miss all UserMod's changes performed by the Activiti update service task
[SYNCOPE-671] - 

[CONF] Apache Syncope > Create a new Syncope project

2018-03-19 Thread Francesco Chicchiricco (Confluence)

Francesco Chicchiricco edited a page

 ...

mvn archetype:generate \
-DarchetypeGroupId=org.apache.syncope \
-DarchetypeArtifactId=syncope-archetype \
-DarchetypeRepository=https://repo1.maven.org/maven2 \
-DarchetypeVersion=1.2.11

 The archetype is configured with default values for all properties required by the archetype. If you want to customize any of these property values, type 'n' when prompted for confirmation. ...  
 
This message was sent by Atlassian Confluence 5.8.17  

[CONF] Apache Syncope > [DISCUSS] Privilege management

2018-03-12 Thread Francesco Chicchiricco (Confluence)

Francesco Chicchiricco edited a page

[DISCUSS] Privilege management

 ... Roles can be associated to zero or more Privileges.

[CONF] Apache Syncope > [DISCUSS] Privilege management

2018-03-12 Thread Francesco Chicchiricco (Confluence)

Francesco Chicchiricco edited a page

[DISCUSS] Privilege management

 ... Roles can be associated to zero or more Applications.

[CONF] Apache Syncope > [DISCUSS] Privilege management

2018-03-12 Thread Francesco Chicchiricco (Confluence)

Francesco Chicchiricco edited a page

[DISCUSS] Privilege management

 ... Enable Syncope with the ability to define, map and query the rights that users own on external applications.

Design

Implementation

Introduce two new entities:

 Application - with name and optional description
 Privilege - with name and optional specification, where specification is a binary field in which arbitrary values can be stored, for example some descriptive JSON providing operational information about the privilege, such as { "method": "POST", "url": "/a/b/c" }, which 3rd party applications can then interpret in their own way

An Application can have zero or more Privileges attached.

Roles can be associated to zero or more Privileges.
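
The model proposed above, sketched as an added Python example (not Syncope code), together with one way a 3rd party application could interpret the specification field. The class layout, function names, sample data and the deny-by-default, exact-match policy are all assumptions made for illustration.

```python
import json
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Privilege:
    name: str
    specification: bytes = b""      # opaque binary field, as in the proposal


@dataclass
class Application:
    name: str
    description: str = ""
    privileges: dict = field(default_factory=dict)   # privilege name -> Privilege

    def attach(self, privilege):
        self.privileges[privilege.name] = privilege


@dataclass
class Role:
    name: str
    grants: set = field(default_factory=set)         # {(application name, privilege name)}


def privileges_for(role_names, roles, application):
    """Query: which Privileges of `application` do the given roles carry?"""
    found = []
    for role_name in role_names:
        role = roles.get(role_name)
        if role is None:                              # unknown role grants nothing
            continue
        for app_name, priv_name in sorted(role.grants):
            priv = application.privileges.get(priv_name)
            if app_name == application.name and priv is not None and priv not in found:
                found.append(priv)
    return found


def parse_spec(privilege):
    """One application's reading of the binary field: a JSON object with string
    'method' and 'url'. Anything else yields None, which grants nothing."""
    try:
        spec = json.loads(privilege.specification.decode("utf-8"))
    except (UnicodeDecodeError, ValueError):
        return None
    if not isinstance(spec, dict):
        return None
    method, url = spec.get("method"), spec.get("url")
    if not isinstance(method, str) or not isinstance(url, str):
        return None
    return method.upper(), url


def is_allowed(method, path, privileges):
    """Deny by default; allow only an exact method and path match."""
    wanted = (method.upper(), path)
    return any(parse_spec(p) == wanted for p in privileges)


# --- constructed sample data ---
billing = Application("billing", "constructed example application")
billing.attach(Privilege("createInvoice", b'{ "method": "POST", "url": "/a/b/c" }'))
billing.attach(Privilege("broken", b"\xff\xfe not json"))   # unparseable on purpose
ROLES = {
    "accountant": Role("accountant", {("billing", "createInvoice"), ("billing", "broken")}),
    "auditor": Role("auditor"),
}

if __name__ == "__main__":
    owned = privileges_for(["accountant"], ROLES, billing)
    print([p.name for p in owned])
    print(is_allowed("POST", "/a/b/c", owned), is_allowed("GET", "/a/b/c", owned))
```

Because the specification is free-form, the consuming application decides what an unparseable or unexpected value means; here it grants nothing.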

[CONF] Apache Syncope > Run Syncope in real environments

2018-01-03 Thread Francesco Chicchiricco (Confluence)

Francesco Chicchiricco deleted a comment

Re: Run Syncope in real environments DELETED

 Hi, I don't know if this is the right place ... but, I'll give it a try. I am having trouble running Syncope on Tomcat 7 with MariaDB. I followed all the instructions but keep getting the error:

 ...
Dec 04, 2015 2:51:22 PM org.apache.catalina.core.StandardContext listenerStart
SEVERE: Exception sending context initialized event to listener instance of class org.springframework.web.context.ContextLoaderListener
org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'springContextInitializer' defined in file [/home/fabricio/tomcat/apache-tomcat-7.0.65/webapps/syncope/WEB-INF/classes/org/apache/syncope/core/init/SpringContextInitializer.class]: Invocation of init method failed; nested exception is org.apache.openjpa.persistence.ArgumentException: Errors encountered while resolving metadata. See nested exceptions for details.
 ...
Caused by: org.apache.openjpa.persistence.ArgumentException: Table "ExternalResource" given for "org.apache.syncope.core.persistence.beans.ExternalResource" does not exist.

It seems a database table has not been created during startup, as it was supposed to. If anyone has any idea it would be much appreciated,

[CONF] Apache Syncope > Run Syncope in real environments

2018-01-03 Thread Francesco Chicchiricco (Confluence)

Francesco Chicchiricco deleted a comment

Re: Run Syncope in real environments DELETED

 Please send an empty e-mail to user-subscr...@syncope.apache.org and follow instructions received. Then send the question above in a mail to u...@syncope.apache.org - at that point I will remove the comment above. Regards.  

[CONF] Apache Syncope > FAQ

2017-11-23 Thread Francesco Chicchiricco (Confluence)

Francesco Chicchiricco edited a page

FAQ

 ...

[REST]:[AuthenticationController]:[]:[login]:[SUCCESS]
[REST]:[AuthenticationController]:[]:[login]:[FAILURE]

With Wildfly 10, I get the error "Unknown:ClassNotFoundException: com.sun.org.apache.xerces.internal.dom.DOMXSImplementationSourceImpl"

This issue is resolved by adding the following entries to $JBOSS_HOME/modules/sun/jdk/main/modules.xml:

Reference: https://stackoverflow.com/questions/15684993/class-from-rt-jar-not-found

[CONF] Apache Syncope > Upgrade from 2.0.5 to 2.0.6

2017-10-12 Thread Francesco Chicchiricco (Confluence)

Francesco Chicchiricco edited a page

Upgrade from 2.0.5 to 2.0.6

 ... 
 
 
 Source changes  
 
 
POM 
In the root pom.xml: 
 
 change parent/version from 2.0.5 to 2.0.6   
 change properties/syncope.version from 2.0.5 to 2.0.6   
 
 
 
Other 
Replace the following files with their 2.0.6 counterparts (re-apply any customization previously made):

 console/src/main/resources/console.properties
 enduser/src/main/resources/enduser.properties
 core/src/main/resources/domains/MasterContent.xml
 core/src/main/resources/all/saml2sp-logic.properties
 core/src/test/resources/domains/MasterContent.xml
 core/src/test/resources/domains/TwoContent.xml
 all files under enduser/src/main/webapp/app/

[CONF] Apache Syncope > Upgrade from 2.0.5 to 2.0.6

2017-10-12 Thread Francesco Chicchiricco (Confluence)

Francesco Chicchiricco created a page

Upgrade from 2.0.5 to 2.0.6

 Source changes  
 
 
POM 
In the root pom.xml: 
 
 change parent/version from 2.0.5 to 2.0.6   
 change properties/syncope.version from 2.0.5 to 2.0.6   
 
 
 
Other 
Replace the following files with their 2.0.6 counterparts (re-apply any customization previously made): 

   
 
 
 core/src/main/resources/log4j2.xml  
 core/src/main/resources/mail.properties  
 core/src/main/resources/security.properties  
 core/src/main/resources/domains/MasterContent.xml  
 core/src/main/resources/all/saml2sp-logic.properties  
 core/src/test/resources/domains/MasterContent.xml  
 core/src/test/resources/domains/TwoContent.xml  
all files under enduser/src/main/webapp/app/  

[CONF] Apache Syncope > Upgrade from 2.0.4 to 2.0.5

2017-09-04 Thread Francesco Chicchiricco (Confluence)

Francesco Chicchiricco created a page

Upgrade from 2.0.4 to 2.0.5

Before starting

Due to the changes that occurred in JWT management, execute the SQL query below on your internal storage:

DELETE FROM AccessToken;
 
DROP VIEW user_search_udyngmemb;
DROP VIEW user_search_dynrmemb;
DROP VIEW anyObject_search_adyngmemb;

DROP TABLE DynRoleMembership_User;
DROP TABLE DynGroupMembership_User;
DROP TABLE DynGroupMembership_AnyObject;

CREATE TABLE UDynGroupMembers(
any_id CHAR(36),
group_id CHAR(36),
UNIQUE(any_id, group_id));

CREATE TABLE ADynGroupMembers(
anyType_id VARCHAR(255),
any_id CHAR(36),
group_id CHAR(36),
UNIQUE(anyType_id, any_id, group_id));

CREATE TABLE DynRoleMembers(
any_id CHAR(36),
role_id VARCHAR(255),
UNIQUE(any_id, role_id));

CREATE TABLE DynRealmMembers(
any_id CHAR(36),
dynRealm_id VARCHAR(255),
UNIQUE(any_id, dynRealm_id));

CREATE INDEX UDynGroupMembers_any_id ON UDynGroupMembers(any_id);
CREATE INDEX UDynGroupMembers_group_id ON UDynGroupMembers(group_id);
CREATE INDEX ADynGroupMembers_any_id ON ADynGroupMembers(any_id);
CREATE INDEX ADynGroupMembers_group_id ON ADynGroupMembers(group_id);
CREATE INDEX DynRoleMembers_any_id ON DynRoleMembers(any_id);
CREATE INDEX DynRoleMembers_role_id ON DynRoleMembers(role_id);
CREATE INDEX DynRealmMembers_any_id ON DynRealmMembers(any_id);
CREATE INDEX DynRealmMembers_dynRealm_id ON DynRealmMembers(dynRealm_id);
CREATE INDEX UPAttrUniqueValue_attrIndex on UPlainAttrUniqueValue(attribute_id);
CREATE INDEX GPAttrUniqueValue_attrIndex on GPlainAttrUniqueValue(attribute_id);
CREATE INDEX APAttrUniqueValue_attrIndex on APlainAttrUniqueValue(attribute_id);
CREATE INDEX CPAttrUniqueValue_attrIndex on CPlainAttrUniqueValue(attribute_id);
CREATE INDEX UPlainAttr_schema_Index on UPlainAttr(schema_id);
CREATE INDEX UPlainAttr_membership_Index on UPlainAttr(membership_id);
CREATE INDEX GPlainAttr_schema_Index on GPlainAttr(schema_id);
CREATE INDEX APlainAttr_schema_Index on APlainAttr(schema_id);
CREATE INDEX APlainAttr_membership_Index on APlainAttr(membership_id); 
 
 
Please beware that the statement above will, among other things, invalidate any existing session. 
Source changes 
POM 
In the root pom.xml: 
 
 change parent/version from 2.0.4 to 2.0.5   
 change properties/syncope.version from 2.0.4 to 2.0.5   
 
 Other  
Replace the following files with their 2.0.4 counterparts (re-apply any customization previously made): 

   
 
 
 core/src/main/resources/indexes.xml  
 core/src/main/resources/log4j2.xml  
 core/src/main/resources/persistence.properties  
 core/src/main/resources/provisioning.properties   
 core/src/main/resources/security.properties  
 core/src/main/resources/views.xml  
 core/src/main/resources/domains/Master.properties  
 core/src/main/resources/domains/MasterContent.xml  
 core/src/test/resources/domains/Master.properties  
 core/src/test/resources/domains/MasterContent.xml  
 core/src/test/resources/domains/Two.properties  
 core/src/test/resources/domains/TwoContent.xml  
 console/src/main/resources/console.properties  
all files under enduser/src/main/webapp/app/  

[CONF] Apache Syncope > Upgrade from 2.0.3 to 2.0.4

2017-07-05 Thread Francesco Chicchiricco (Confluence)

Francesco Chicchiricco edited a page

Upgrade from 2.0.3 to 2.0.4

 ...

 DELETE FROM AccessToken;
 
DROP VIEW user_search_udyngmemb;
DROP VIEW user_search_dynrmemb;
DROP VIEW anyObject_search_adyngmemb;

CREATE TABLE UDynGroupMembers(
any_id CHAR(36),
group_id CHAR(36),
UNIQUE(any_id, group_id));

CREATE TABLE ADynGroupMembers(
anyType_id VARCHAR(255),
any_id CHAR(36),
group_id CHAR(36),
UNIQUE(anyType_id, any_id, group_id));

CREATE TABLE DynRoleMembers(
any_id CHAR(36),
role_id VARCHAR(255),
UNIQUE(any_id, role_id));

CREATE TABLE DynRealmMembers(
any_id CHAR(36),
dynRealm_id VARCHAR(255),
UNIQUE(any_id, dynRealm_id));

CREATE INDEX UDynGroupMembers_any_id ON UDynGroupMembers(any_id);
CREATE INDEX UDynGroupMembers_group_id ON UDynGroupMembers(group_id);
CREATE INDEX ADynGroupMembers_any_id ON ADynGroupMembers(any_id);
CREATE INDEX ADynGroupMembers_group_id ON ADynGroupMembers(group_id);
CREATE INDEX DynRoleMembers_any_id ON DynRoleMembers(any_id);
CREATE INDEX DynRoleMembers_role_id ON DynRoleMembers(role_id);
CREATE INDEX DynRealmMembers_any_id ON DynRealmMembers(any_id);
CREATE INDEX DynRealmMembers_dynRealm_id ON DynRealmMembers(dynRealm_id);
CREATE INDEX UPAttrUniqueValue_attrIndex on UPlainAttrUniqueValue(attribute_id);
CREATE INDEX GPAttrUniqueValue_attrIndex on GPlainAttrUniqueValue(attribute_id);
CREATE INDEX APAttrUniqueValue_attrIndex on APlainAttrUniqueValue(attribute_id);
CREATE INDEX CPAttrUniqueValue_attrIndex on CPlainAttrUniqueValue(attribute_id);
CREATE INDEX UPlainAttr_schema_Index on UPlainAttr(schema_id);
CREATE INDEX UPlainAttr_membership_Index on UPlainAttr(membership_id);
CREATE INDEX GPlainAttr_schema_Index on GPlainAttr(schema_id);
CREATE INDEX APlainAttr_schema_Index on APlainAttr(schema_id);
CREATE INDEX APlainAttr_membership_Index on APlainAttr(membership_id);  
 
 
 
Please beware that the statement above will, among other things, invalidate any existing session. 
Source changes 
POM 
In the root pom.xml: 
 
 change parent/version from 2.0.3 to 2.0.4   
 change properties/syncope.version from 2.0.3 to 2.0.4   
 
 Other  
Replace the following files with their 2.0.4 counterparts (re-apply any customization previously made): 

   
 
 
 core/src/main/resources/indexes.xml  
 core/src/main/resources/log4j2.xml  
 core/src/main/resources/persistence.properties  
 core/src/main/resources/provisioning.properties   
 core/src/main/resources/security.properties  
 core/src/main/resources/views.xml  
 core/src/main/resources/domains/Master.properties  
 core/src/main/resources/domains/MasterContent.xml  
 core/src/test/resources/domains/Master.properties  
 core/src/test/resources/domains/MasterContent.xml  
 core/src/test/resources/domains/Two.properties  
 core/src/test/resources/domains/TwoContent.xml  
 console/src/main/resources/console.properties  
all files under enduser/src/main/webapp/app/  

[CONF] Apache Syncope > Upgrade from 2.0.3 to 2.0.4

2017-07-05 Thread Francesco Chicchiricco (Confluence)

Francesco Chicchiricco edited a page

Upgrade from 2.0.3 to 2.0.4

 ...

 DELETE FROM AccessToken;
 
DROP VIEW user_search_udyngmemb;
DROP VIEW user_search_dynrmemb;
DROP VIEW anyObject_search_adyngmemb;

CREATE TABLE UDynGroupMembers(
any_id CHAR(36),
group_id CHAR(36),
UNIQUE(any_id, group_id));

CREATE TABLE ADynGroupMembers(
anyType_id VARCHAR(255),
any_id CHAR(36),
group_id CHAR(36),
UNIQUE(anyType_id, any_id, group_id));

CREATE TABLE DynRoleMembers(
any_id CHAR(36),
role_id VARCHAR(255),
UNIQUE(any_id, role_id));

CREATE TABLE DynRealmMembers(
any_id CHAR(36),
dynRealm_id VARCHAR(255),
UNIQUE(any_id, dynRealm_id));

CREATE INDEX UDynGroupMembers_any_id ON UDynGroupMembers(any_id);
CREATE INDEX UDynGroupMembers_group_id ON UDynGroupMembers(group_id);
CREATE INDEX ADynGroupMembers_any_id ON ADynGroupMembers(any_id);
CREATE INDEX ADynGroupMembers_group_id ON ADynGroupMembers(group_id);
CREATE INDEX DynRoleMembers_any_id ON DynRoleMembers(any_id);
CREATE INDEX DynRoleMembers_role_id ON DynRoleMembers(role_id);
CREATE INDEX DynRealmMembers_any_id ON DynRealmMembers(any_id);
CREATE INDEX DynRealmMembers_dynRealm_id ON DynRealmMembers(dynRealm_id);
CREATE INDEX UPAttrUniqueValue_attrIndex on UPlainAttrUniqueValue(attribute_id);
CREATE INDEX GPAttrUniqueValue_attrIndex on GPlainAttrUniqueValue(attribute_id);
CREATE INDEX APAttrUniqueValue_attrIndex on APlainAttrUniqueValue(attribute_id);
CREATE INDEX CPAttrUniqueValue_attrIndex on CPlainAttrUniqueValue(attribute_id);
CREATE INDEX UPlainAttr_schema_Index on UPlainAttr(schema_id);
CREATE INDEX UPlainAttr_membership_Index on UPlainAttr(membership_id);
CREATE INDEX GPlainAttr_schema_Index on GPlainAttr(schema_id);
CREATE INDEX APlainAttr_schema_Index on APlainAttr(schema_id);
CREATE INDEX APlainAttr_membership_Index on APlainAttr(membership_id);
  
 
 
 
Please beware that the statement above will, among other things, invalidate any existing session. 
Source changes 
POM 
In the root pom.xml: 
 
 change parent/version from 2.0.3 to 2.0.4   
 change properties/syncope.version from 2.0.3 to 2.0.4   
 
 Other  
Replace the following files with their 2.0.4 counterparts (re-apply any customization previously made): 

   
 
 
 core/src/main/resources/indexes.xml  
 core/src/main/resources/log4j2.xml  
 core/src/main/resources/persistence.properties  
 core/src/main/resources/provisioning.properties   
 core/src/main/resources/security.properties  
 core/src/main/resources/views.xml  
 core/src/main/resources/domains/Master.properties  
 core/src/main/resources/domains/MasterContent.xml  
 core/src/test/resources/domains/Master.properties  
 core/src/test/resources/domains/MasterContent.xml  
 core/src/test/resources/domains/Two.properties  
 core/src/test/resources/domains/TwoContent.xml  
 console/src/main/resources/console.properties  
all files under enduser/src/main/webapp/app/  

[CONF] Apache Syncope > Upgrade from 2.0.3 to 2.0.4

2017-07-03 Thread Francesco Chicchiricco (Confluence)

Francesco Chicchiricco edited a page

Upgrade from 2.0.3 to 2.0.4

 ...

 DELETE FROM AccessToken;  
 
 
 
Please beware that the statement above will invalidate any existing session. 
Source changes 
POM 
In the root pom.xml: 
 
 change parent/version from 2.0.3 to 2.0.4   
 change properties/syncope.version from 2.0.3 to 2.0.4   
 
 Other  
Replace the following files with their 2.0.4 counterparts (re-apply any customization previously made): 

   
 
 
 core/src/main/resources/indexes.xml  
 core/src/main/resources/log4j2.xml  
 core/src/main/resources/persistence.properties  
 core/src/main/resources/provisioning.properties   
 core/src/main/resources/security.properties  
 core/src/main/resources/views.xml  
 core/src/main/resources/domains/Master.properties  
 core/src/main/resources/domains/MasterContent.xml  
 core/src/test/resources/domains/Master.properties  
 core/src/test/resources/domains/MasterContent.xml  
 core/src/test/resources/domains/Two.properties  
 core/src/test/resources/domains/TwoContent.xml  
 console/src/main/resources/console.properties  
all files under enduser/src/main/webapp/app/  

[CONF] Apache Syncope > Upgrade from 2.0.3 to 2.0.4

2017-07-03 Thread Francesco Chicchiricco (Confluence)

Francesco Chicchiricco edited a page

Upgrade from 2.0.3 to 2.0.4

SSO header change for RESTful services

In Apache Syncope 2.0.3, SSO support was added (SYNCOPE-1035) for RESTful services by sending a JWT Token using the X-Syncope-Token header, e.g.:

curl -H "X-Syncope-Token: eyJ0e..." http://localhost:8080/syncope/rest/users/self

From Syncope 2.0.4 onwards (SYNCOPE-1120), this header value is no longer supported. Instead, you must use the standard Authorization Bearer header, e.g.:

curl -H "Authorization: Bearer eyJ0e..." http://localhost:8080/syncope/rest/users/self

JWS signing key reference

In Apache Syncope 2.0.3, the default signing JWS key was referenced in securityContext.xml as follows: "${jwsKey}.bytes". However, this was incorrect and results in the key value with ".bytes" appended to it. In Syncope 2.0.4, the following value should be used instead: "#{jwsKey.getBytes()}".

Default key and password checking

In Apache Syncope 2.0.4, a warning is logged if the default JWS key is used to either create/update an access token, or is used to invoke on a RESTful service. A similar warning is logged if the default anonymous key is used to invoke on a RESTful service.

A warning is also logged if the default admin password is detected. If you see these warnings in the logs then it is critical to change the default values.

Before starting

Due to the changes that occurred in JWT management, execute the SQL query below on your internal storage:

DELETE FROM AccessToken;
  
 
 
 
 Please beware that the statement above will invalidate any existing session.  
 Source changes  
 POM  
 In the root pom.xml:  
 
  change parent/version from 2.0.3 to 2.0.4   
  change properties/syncope.version from 2.0.3 to 2.0.4   
 
 
  
 Other  
  
 Replace the following files with their 2.0.4 counterparts (re-apply any customization previously made):  
  
 
 
 core/src/main/resources/indexes.xml  
 core/src/main/resources/log4j2.xml  
 core/src/main/resources/persistence.properties  
 core/src/main/resources/provisioning.properties     
 core/src/main/resources/security.properties  
 core/src/main/resources/views.xml  
 core/src/main/resources/domains/Master.properties   
 core/src/main/resources/domains/MasterContent.xml  
 core/src/test/resources/domains/Master.properties  
 core/src/test/resources/domains/MasterContent.xml
 core/src/test/resources/domains/Two.properties  
 core/src/test/resources/domains/TwoContent.xml 
 console/src/main/resources/console.properties  
 all files under enduser/src/main/webapp/app/   
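
The "JWS signing key reference" and "SSO header change" notes above, as an added Python example that is not Syncope code: it models how the two reference strings resolve to different key bytes, shows that a token signed under one key does not verify under the other, and flags leftover 2.0.3 usage in text. The property value, the HS256 algorithm, the XML fragment and all function names are assumptions made for the demonstration.

```python
import base64
import hashlib
import hmac
import json
import re

# Constructed demo value; NOT a Syncope default.
PROPS = {"jwsKey": "constructed-demo-key-0123456789abcdef"}
REF_203 = "${jwsKey}.bytes"          # securityContext.xml value in 2.0.3 (from the page)
REF_204 = "#{jwsKey.getBytes()}"     # value to use from 2.0.4 (from the page)


def effective_key(reference, props):
    """Simplified model of how each reference string becomes key bytes."""
    expr = re.fullmatch(r"#\{(\w+)\.getBytes\(\)\}", reference)
    if expr:                          # expression: bytes of the value itself
        return props[expr.group(1)].encode("utf-8")
    # placeholder: only ${name} is substituted, trailing text stays literal
    return re.sub(r"\$\{(\w+)\}", lambda m: props[m.group(1)], reference).encode("utf-8")


def _b64url(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def _b64url_decode(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def sign(claims, key):
    """Compact JWS using HS256 (algorithm chosen for the demo)."""
    header = _b64url(json.dumps({"alg": "HS256", "typ": "JWT"}, separators=(",", ":")).encode())
    payload = _b64url(json.dumps(claims, separators=(",", ":")).encode())
    mac = hmac.new(key, f"{header}.{payload}".encode("ascii"), hashlib.sha256).digest()
    return f"{header}.{payload}.{_b64url(mac)}"


def verify(token, key):
    """Return the claims if the token verifies under `key`, else None."""
    parts = token.split(".")
    if len(parts) != 3:
        return None
    header, payload, signature = parts
    try:
        if json.loads(_b64url_decode(header)).get("alg") != "HS256":   # pin the algorithm
            return None
        expected = hmac.new(key, f"{header}.{payload}".encode("ascii"), hashlib.sha256).digest()
        if not hmac.compare_digest(expected, _b64url_decode(signature)):
            return None
        return json.loads(_b64url_decode(payload))
    except (ValueError, AttributeError):
        return None


def find_legacy_usage(text):
    """Flag lines that still use the 2.0.3 header or key reference."""
    findings = []
    for number, line in enumerate(text.splitlines(), start=1):
        if "x-syncope-token" in line.lower():
            findings.append((number, "X-Syncope-Token header: send 'Authorization: Bearer <token>'"))
        if REF_203 in line:
            findings.append((number, 'key reference: use "#{jwsKey.getBytes()}"'))
    return findings


# Constructed sample: client commands from the page plus a made-up XML line.
SAMPLE = '''curl -H "X-Syncope-Token: eyJ0e..." http://localhost:8080/syncope/rest/users/self
<property name="key" value="${jwsKey}.bytes"/>
curl -H "Authorization: Bearer eyJ0e..." http://localhost:8080/syncope/rest/users/self'''

if __name__ == "__main__":
    old_key, new_key = effective_key(REF_203, PROPS), effective_key(REF_204, PROPS)
    token = sign({"sub": "alice"}, old_key)
    print(old_key, new_key)
    print("verifies under 2.0.4 key:", verify(token, new_key) is not None)
    print(find_legacy_usage(SAMPLE))
```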

[CONF] Apache Syncope > Upgrade from 2.0.3 to 2.0.4

2017-07-03 Thread Francesco Chicchiricco (Confluence)

Francesco Chicchiricco edited a page

Upgrade from 2.0.3 to 2.0.4

 ...

 DELETE FROM AccessToken;  
 
 
 
Please beware that the statement above will invalidate any existing session. 
Source changes 
POM 
In the root pom.xml: 
 
 change parent/version from 2.0.3 to 2.0.4   
 change properties/syncope.version from 2.0.3 to 2.0.4   
 
  
 Other  
  
 Replace the following files with their 2.0.4 counterparts (re-apply any customization previously made):  
 
  
 
 
 core/src/main/resources/indexes.xml  
 core/src/main/resources/log4j2.xml  
 core/src/main/resources/persistence.properties  
 core/src/main/resources/provisioning.properties     
 core/src/main/resources/security.properties  
 core/src/main/resources/views.xml  
 core/src/main/resources/domains/Master.properties   
 core/src/main/resources/domains/MasterContent.xml  
 core/src/test/resources/domains/Master.properties  
 core/src/test/resources/domains/MasterContent.xml  
 core/src/test/resources/domains/Two.properties  
 core/src/test/resources/domains/TwoContent.xml   
 console/src/main/resources/console.properties  
all files under enduser/src/main/webapp/app/   

[CONF] Apache Syncope > Jazz

2017-07-03 Thread Francesco Chicchiricco (Confluence)

Francesco Chicchiricco edited a page

Jazz

 ... In Apache Syncope 2.0.4, a warning is logged if the default JWS key is used to either create / update an access token, or is used to invoke on a RESTful service. A similar warning is logged if the default anonymous key is used to invoke on a RESTful service. A warning is also logged if the default admin password or anonymous key are detected. ...

[CONF] Apache Syncope > Jazz

2017-07-03 Thread Francesco Chicchiricco (Confluence)

Francesco Chicchiricco edited a page

Jazz

 ... The brand new Apache Syncope 2.0.4 Jazz keeps bringing fixes, new features and improvements. ... Especially suitable for large deployments, a new search engine relying on an external Elasticsearch cluster is provided, dramatically improving the overall search performance when the number of managed entities (Users, Groups and Any Objects) rises above tens of thousands.

Dynamic Realms

In addition to static containment provided by Realms, Dynamic Realms can be used to identify Users, Groups and Any Objects according to some attributes' value, resource assignment, group membership or any other condition available, with the purpose of granting delegated administration rights.

Flexible Quartz configuration in clusters

The Quartz scheduler is largely used within Syncope Core to schedule the execution of jobs, including pull, push, notification and custom tasks, and reportlets.

By default, Quartz is configured for clustering, where all cluster nodes are equally selectable for processing jobs. Individual cluster nodes can now be disabled for jobs processing.

JWT and security improvements

 ... More information about the internal authorization process is now available in the Reference Guide.

HikariCP for JDBC connection pool

The internal storage connection pool is now based by default on the high-performance HikariCP.

Improved UX in Admin Console

Up to Syncope 2.0.3, the general interaction paradigm for data tables in Admin Console used to be based on showing several icons for each row, following the various actions available for the given entity:

[Image]

With the increasing number of potential actions, this mechanism proved to be poor: now, instead, a contextual menu will appear after clicking on any row, reporting all the available actions for the selected entity.

[Image]
 
Issues 
 
Sub-task 
 
[SYNCOPE-808] - Netbeans plugin 
 
Bug 
 
[SYNCOPE-1066] - WADL servlet uses request url to provide wadl 
[SYNCOPE-1069] - Incomplete HA setup instructions 
[SYNCOPE-1070] - Conversion pattern ignored for date, long and double values during propagation 
[SYNCOPE-1071] - The executed notification tasks are not displaying on the console 
[SYNCOPE-1075] - User lastChangeDate attribute is not displayed correctly 
[SYNCOPE-1076] - The console doesn't allow to download the report in various formats 
[SYNCOPE-1078] - Activiti modeler window doesn't open on click 
[SYNCOPE-1079] - Missing toggle panel for the job control widget of the administration console dashboard 
[SYNCOPE-1081] - Console: new toggle panel behavior anomalies 
[SYNCOPE-1082] - Concurrent CRUD random failures with dynamic memberships 
[SYNCOPE-1085] - Custom tasks modal page shouldn't show "Cancel" button 
[SYNCOPE-1089] - Improve provisioning mapping page in order to avoid duplicates in internal attribute name list 
[SYNCOPE-1090] - Error defining clause to search for group owners 
[SYNCOPE-1091] - Error while downloading Jpeg binary attribute content 
[SYNCOPE-1094] - Out of memory error while rendering PDF 
[SYNCOPE-1098] - User edit modal page opening takes long in case of a lot of groups defined 
[SYNCOPE-1099] - Dynamic group membership does not trigger propagation 
[SYNCOPE-1101] - Error showing action icons on Notidfication events managements 
[SYNCOPE-1104] - Missing autocomplete for ConnId object class when defining new provision 
[SYNCOPE-1107] - The installer fails with a NoClassDefFoundError 
[SYNCOPE-1108] - NullPointerException while saving an empty template 
[SYNCOPE-1109] - Installer fails to setup Activiti 
[SYNCOPE-1110] - Error replacing group/auxclass/resource during self-management operation 
[SYNCOPE-] - New any type not shown unders Realms 
[SYNCOPE-1112] - Error searching for user/group/anyobject by providing conditions on attribute with schema type Long 
[SYNCOPE-1114] - Dynamic group information not available during propagation 
[SYNCOPE-1121] - Enduser form customization does not work with empty section in edit mode 
[SYNCOPE-1122] - Enduser must show all attributes when customForm.json has empty section with show=true 
[SYNCOPE-1123] - Enduser User

[CONF] Apache Syncope > Jazz

2017-07-03 Thread Francesco Chicchiricco (Confluence)

Francesco Chicchiricco edited a page

Jazz

... More information about the internal authorization process is now available in the Reference Guide.

Dynamic Realms

In addition to static containment provided by Realms, Dynamic Realms can be used to identify Users, Groups and Any Objects according to some attributes' value, resource assignment, group membership or any other condition available, with the purpose of granting delegated administration rights.

Flexible Quartz configuration in clusters

The Quartz scheduler is largely used within Syncope Core to schedule the execution of jobs, including pull, push, notification and custom tasks, and reportlets.

By default, Quartz is configured for clustering, where all cluster nodes are equally selectable for processing jobs. Individual cluster nodes can now be disabled for jobs processing.

HikariCP for JDBC connection pool

The internal storage connection pool is now based by default on the high-performance HikariCP.
 
Issues 
 
Sub-task 
 
[SYNCOPE-808] - Netbeans plugin 
 
Bug 
 
[SYNCOPE-1066] - WADL servlet uses request url to provide wadl 
[SYNCOPE-1069] - Incomplete HA setup instructions 
[SYNCOPE-1070] - Conversion pattern ignored for date, long and double values during propagation 
[SYNCOPE-1071] - The executed notification tasks are not displaying on the console 
[SYNCOPE-1075] - User lastChangeDate attribute is not displayed correctly 
[SYNCOPE-1076] - The console doesn't allow to download the report in various formats 
[SYNCOPE-1078] - Activiti modeler window doesn't open on click 
[SYNCOPE-1079] - Missing toggle panel for the job control widget of the administration console dashboard 
[SYNCOPE-1081] - Console: new toggle panel behavior anomalies 
[SYNCOPE-1082] - Concurrent CRUD random failures with dynamic memberships 
[SYNCOPE-1085] - Custom tasks modal page shouldn't show "Cancel" button 
[SYNCOPE-1089] - Improve provisioning mapping page in order to avoid duplicates in internal attribute name list 
[SYNCOPE-1090] - Error defining clause to search for group owners 
[SYNCOPE-1091] - Error while downloading Jpeg binary attribute content 
[SYNCOPE-1094] - Out of memory error while rendering PDF 
[SYNCOPE-1098] - User edit modal page opening takes long in case of a lot of groups defined 
[SYNCOPE-1099] - Dynamic group membership does not trigger propagation 
[SYNCOPE-1101] - Error showing action icons on Notidfication events managements 
[SYNCOPE-1104] - Missing autocomplete for ConnId object class when defining new provision 
[SYNCOPE-1107] - The installer fails with a NoClassDefFoundError 
[SYNCOPE-1108] - NullPointerException while saving an empty template 
[SYNCOPE-1109] - Installer fails to setup Activiti 
[SYNCOPE-1110] - Error replacing group/auxclass/resource during self-management operation 
[SYNCOPE-] - New any type not shown unders Realms 
[SYNCOPE-1112] - Error searching for user/group/anyobject by providing conditions on attribute with schema type Long 
[SYNCOPE-1114] - Dynamic group information not available during propagation 
[SYNCOPE-1121] - Enduser form customization does not work with empty section in edit mode 
[SYNCOPE-1122] - Enduser must show all attributes when customForm.json has empty section with show=true 
[SYNCOPE-1123] - Enduser UserRequestValidator NPE on custom form empty sections 
[SYNCOPE-1125] - Password on external resource not updated via Enduser 
[SYNCOPE-1127] - Membership attribute values are not shown 
[SYNCOPE-1128] - Content exporter does not sort for internal foreign keys 
[SYNCOPE-1130] - NPE refreshing realm page after realm creation 
[SYNCOPE-1131] - Cannot delete resources owned by realms 
[SYNCOPE-1133] - Search panel used for relationships definition does not work 
[SYNCOPE-1134] - Action menu not working after page refresh 
[SYNCOPE-1135] - Groups list not refreshing after realm change 
 
Improvement 
 
[SYNCOPE-1047] - Replace ActionLinksPanel with TogglePanel 
[SYNCOPE-1053] - Show actual pending modifications during approval 
[SYNCOPE-1067] - More flexible delegated administration model 
[SYNCOPE-1068] - Console: CSRF protection 
[SYNCOPE-1072] - Display or enable add button only to realms were CREATE is owned 
[SYNCOPE-1073] - Hide realm management if no realm entitlement are owned 
[SYNCOPE-1074] - Realm navigator: show only relevant realms for delegated admin 
[SYNCOPE-1083] - ConnInstance location is not normalized 
[SYNCOPE-1084] - Switch to HikariCP for Core's default DataSource definitions 
[SYNCOPE-1086] - Avoid to read whole entities to check ETag 
[SYNCOPE-1087] - Avoid to read input entities if no notification or audit are requested 
[SYNCOPE-1088] - Store authorizations with access tokens 
[SYNCOPE-1093] - Add some feedbacks when linking not existing groups/resources to existing user 
[SYNCOPE-1100] - Provide JWT expiration information to self 
[SYNCOPE-1103] - Option

[CONF] Apache Syncope > Jazz

2017-07-03 Thread Francesco Chicchiricco (Confluence)

Francesco Chicchiricco edited a page

Jazz

...

Upgrade procedure

Upgrading from 2.0.3? There are some notes about this process.

New and noteworthy

Netbeans Plugin

Besides the consolidated Eclipse IDE Plugin, a new plugin is now available for Apache Netbeans, with similar features.

Elasticsearch-based Search Engine

Especially suitable for large deployments, a new search engine relying on an external Elasticsearch cluster is provided, dramatically improving the overall search performance when the number of managed entities (Users, Groups and Any Objects) rises above tens of thousands.

JWT and security improvements

SSO header change for RESTful services

In Apache Syncope 2.0.3, SSO support was added (SYNCOPE-1035 - JWT-based access to REST services, CLOSED) for RESTful services by sending a JWT Token using the X-Syncope-Token header, e.g.:

    curl -H "X-Syncope-Token: eyJ0e..." http://localhost:8080/syncope/rest/users/self

From Syncope 2.0.4 onwards (SYNCOPE-1120 - Use the standard Bearer Authorization header for JWT tokens, CLOSED), this header value is no longer supported. Instead, you must use the standard Authorization Bearer header, e.g.:

    curl -H "Authorization: Bearer eyJ0e..." http://localhost:8080/syncope/rest/users/self

Third Party JWT SSO integration

Besides validating and accepting the JSON Web Tokens generated during the authentication process as sketched above, Apache Syncope can be enabled to cope with tokens generated by third parties.

JWS signing key reference

In Apache Syncope 2.0.3, the default signing JWS key was referenced in securityContext.xml as follows:

    "${jwsKey}.bytes"

However, this was incorrect and results in the key value with ".bytes" appended to it. In Syncope 2.0.4, the following value should be used instead:

    "#{jwsKey.getBytes()}"

Default key and password checking

In Apache Syncope 2.0.4, a warning is logged if the default JWS key is used either to create / update an access token or to invoke a RESTful service. Similarly, a warning is logged if the default admin password or anonymous key is detected.

If you see these warnings in the logs then it is critical to change the default values.

More information about the internal authorization process is now available in the Reference Guide.
 
Issues 
 
 Sub-task  
 
[SYNCOPE-808] - Netbeans plugin 
 
 Bug  
 
[SYNCOPE-1066] - WADL servlet uses request url to provide wadl 
[SYNCOPE-1069] - Incomplete HA setup instructions 
[SYNCOPE-1070] - Conversion pattern ignored for date, long and double values during propagation 
[SYNCOPE-1071] - The executed notification tasks are not displaying on the console 
[SYNCOPE-1075] - User lastChangeDate attribute is not displayed correctly 
[SYNCOPE-1076] - The console doesn't allow to download the report in various formats 
[SYNCOPE-1078] - Activiti modeler window doesn't open on click 
[SYNCOPE-1079] - Missing toggle panel for the job control widget of the administration console dashboard 
[SYNCOPE-1081] - Console: new toggle panel behavior anomalies 
[SYNCOPE-1082] - Concurrent CRUD random failures with dynamic memberships 
[SYNCOPE-1085] - Custom tasks modal page shouldn't show "Cancel" button 
[SYNCOPE-1089] - Improve provisioning mapping page in order to avoid duplicates in internal attribute name list 
[SYNCOPE-1090] - Error defining clause to search for group owners 
[SYNCOPE-1091] - Error while downloading Jpeg binary attribute content 
[SYNCOPE-1094] - Out of memory error while rendering PDF 
[SYNCOPE-1098] - User edit modal page opening takes long in case of a lot of groups defined 
[SYNCOPE-1099] - Dynamic group membership does not trigger propagation 
[SYNCOPE-1101] - Error showing action icons on Notidfication events managements 
[SYNCOPE-1104] - Missing autocomplete for ConnId object class when defining new provision 
[SYNCOPE-1107] - The installer fails with a NoClassDefFoundError 
[SYNCOPE-1108] - NullPointerException while saving an empty template 
[SYNCOPE-1109] - Installer fails to setup Activiti 
[SYNCOPE-1110] - Error replacing group/auxclass/resource during self-management operation 
[SYNCOPE-] - New any type not shown unders Realms 
[SYNCOPE-1112] - Error searching for user/group/anyobject by providing conditions on attribute with schema type Long 
[SYNCOPE-1114] - Dynamic group information not available during propagation 
[SYNCOPE-1121] - Enduser form customization does not work with empty section in edit mode 
[SYNCOPE-1122] - Enduser must show all attributes when customForm.json has empty section with show=true 
[SYNCOPE-1123] - Enduser UserRequestValidator NPE on custom form empty secti
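
For the "SSO header change" and "JWS signing key reference" notes in the Jazz page above, the following added example (not Syncope code) shows why tokens signed under the 2.0.3 key reference do not verify under the corrected 2.0.4 one, and how a request that only carries X-Syncope-Token ends up without a token. It assumes an HMAC (HS256) signature and UTF-8 key bytes; the key value and the names effective_key, sign, verify and bearer_token are constructed for illustration.

```python
import base64
import hashlib
import hmac
import json

# Constructed sample value, not a real Syncope key.
CONFIGURED_JWS_KEY = "constructed-sample-key-0123456789abcdef"


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def effective_key(configured: str, reference: str) -> bytes:
    """Key bytes the signer receives for each securityContext.xml reference."""
    if reference == "${jwsKey}.bytes":
        # 2.0.3: the placeholder is replaced as text, ".bytes" stays literal.
        return (configured + ".bytes").encode("utf-8")
    if reference == "#{jwsKey.getBytes()}":
        # 2.0.4: the expression is evaluated on the key string itself
        # (UTF-8 encoding is an assumption of this example).
        return configured.encode("utf-8")
    raise ValueError("unknown key reference: " + reference)


def sign(claims: dict, key: bytes) -> str:
    """Build a compact JWS; HS256 is an assumption of this example."""
    header = _b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    payload = _b64url(json.dumps(claims).encode())
    mac = hmac.new(key, f"{header}.{payload}".encode("ascii"), hashlib.sha256)
    return f"{header}.{payload}.{_b64url(mac.digest())}"


def verify(token: str, key: bytes) -> bool:
    """Constant-time signature check; any malformed token is rejected."""
    try:
        header, payload, signature = token.split(".")
        if json.loads(_b64url_decode(header)).get("alg") != "HS256":
            return False
        expected = hmac.new(
            key, f"{header}.{payload}".encode("ascii"), hashlib.sha256
        ).digest()
        return hmac.compare_digest(expected, _b64url_decode(signature))
    except (ValueError, AttributeError):
        return False


def bearer_token(headers: dict):
    """Return the JWT only from the header that 2.0.4 accepts, else None."""
    normalized = {name.lower(): value for name, value in headers.items()}
    scheme, _, token = normalized.get("authorization", "").partition(" ")
    if scheme.lower() == "bearer" and token.strip():
        return token.strip()
    return None  # also the result when only X-Syncope-Token is sent


if __name__ == "__main__":
    old_key = effective_key(CONFIGURED_JWS_KEY, "${jwsKey}.bytes")
    new_key = effective_key(CONFIGURED_JWS_KEY, "#{jwsKey.getBytes()}")
    token = sign({"sub": "constructed-user"}, old_key)
    print("verifies with 2.0.3 key:", verify(token, old_key))
    print("verifies with 2.0.4 key:", verify(token, new_key))
    print("legacy header token:", bearer_token({"X-Syncope-Token": token}))
```

Under these assumptions, a verifier that holds only the configured key value rejects tokens signed under the 2.0.3 reference, and tokens issued before the fix stop verifying once the corrected reference is in place.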

[CONF] Apache Syncope > [DISCUSS] Realms

2017-06-07 Thread Francesco Chicchiricco (Confluence)

Francesco Chicchiricco edited a page

[DISCUSS] Realms

...

Tracked as SYNCOPE-119.

Also see [DISCUSS] Dynamic Realms.

This topic dates back to very early in Syncope's history (the mail thread referenced in the issue mentioned above was started in 2011, even before entering the incubator). ...

This message was sent by Atlassian Confluence 5.8.4

[CONF] Apache Syncope > [DISCUSS] Dynamic Realms

2017-06-07 Thread Francesco Chicchiricco (Confluence)

Francesco Chicchiricco edited a page

[DISCUSS] Dynamic Realms

...

Tracked as SYNCOPE-1067.

Also see [DISCUSS] Realms.

Problem description

The current implementation of delegated administration relies on Roles, where each Role associates a set of Entitlements (e.g. administrative actions) to a set of Realms (e.g. containers for Users / Groups / Any Objects).
This requires, however, that the set of Users / Groups / Any Objects to administer is somehow statically defined by containment: "administrators with role R can manage users under realms /a and /b" works as long as users to administer are fully contained by the Realms /a and /b; but what if the set of Users that R can administer needs to be dynamically defined, say by the value of a 'department' attribute?

Proposed solution

Introduce a new entity, Dynamic Realms, and extend Roles to map a set of Entitlements to a set of Realms and / or Dynamic Realms.
A Dynamic Realm is defined by its unique name and FIQL conditions (similarly to Groups). Given that, it can work as a dynamic container for Users, Groups and Any Objects.
Upon delegated administrator's authentication, the owned roles will be evaluated (as in the current implementation) and the set of effective Realms and Dynamic Realms for which entitlements are granted will be built.

Known limitations

CREATE entitlement(s) cannot be granted via Dynamic Realms: as Dynamic Realms are not physical containers like Realms, allowing creation in a Dynamic Realm would mean granting CREATE in the root Realm
UPDATE entitlement(s) can be granted via Dynamic Realms, on condition that any modification to matching Users / Groups / Any Objects does not alter the set of Dynamic Realms such entity is part of
DELETE entitlement(s) cannot be granted via Dynamic Realms: as the same User / Group / Any Object can be shared by several Virtual Realms at once, deleting from a Virtual Realm might cause unwanted side effects in other Dynamic Realms

In other words: the only changes on a given entity, accepted by a delegated administrator through Dynamic Realms, are the ones that do not change any Dynamic Realm's matching condition for such entity.
[CONF] Apache Syncope > [DISCUSS] Dynamic Realms

2017-05-26 Thread Francesco Chicchiricco (Confluence)

Francesco Chicchiricco created a page

[DISCUSS] Dynamic Realms

This page contains topics supporting ongoing discussion at d...@syncope.apache.org.

Tracked as SYNCOPE-1067.

Problem description

The current implementation of delegated administration relies on Roles, where each Role associates a set of Entitlements (e.g. administrative actions) to a set of Realms (e.g. containers for Users / Groups / Any Objects).
This requires, however, that the set of Users / Groups / Any Objects to administer is somehow statically defined by containment: "administrators with role R can manage users under realms /a and /b" works as long as users to administer are fully contained by the Realms /a and /b; but what if the set of Users that R can administer needs to be dynamically defined, say by the value of a 'department' attribute?

Proposed solution

Introduce a new entity, Dynamic Realms, and extend Roles to map a set of Entitlements to a set of Realms and / or Dynamic Realms.
A Dynamic Realm is defined by its unique name and FIQL conditions (similarly to Groups). Given that, it can work as a dynamic container for Users, Groups and Any Objects.
Upon delegated administrator's authentication, the owned roles will be evaluated (as in the current implementation) and the set of effective Realms and Dynamic Realms for which entitlements are granted will be built.

Known limitations

CREATE entitlement(s) cannot be granted via Dynamic Realms: as Dynamic Realms are not physical containers like Realms, allowing creation in a Dynamic Realm would mean granting CREATE in the root Realm
UPDATE entitlement(s) can be granted via Dynamic Realms, on condition that any modification to matching Users / Groups / Any Objects does not alter the set of Dynamic Realms such entity is part of
DELETE entitlement(s) cannot be granted via Dynamic Realms: as the same User / Group / Any Object can be shared by several Virtual Realms at once, deleting from a Virtual Realm might cause unwanted side effects in other Dynamic Realms

In other words: the only changes on a given entity, accepted by a delegated administrator through Dynamic Realms, are the ones that do not change any Dynamic Realm's matching condition for such entity.
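
The limitations listed in both versions of the [DISCUSS] Dynamic Realms page above can be read as one authorization check; the following is an added example, not Syncope code. It assumes a small FIQL subset (name==value, name!=value, ';' for AND, ',' for OR) instead of full FIQL, and the names DynRealm, dyn_realms_of and authorize, as well as the sample realms and user, are hypothetical.

```python
from dataclasses import dataclass


def fiql_matches(condition: str, attrs: dict) -> bool:
    """Evaluate a FIQL subset: name==value, name!=value, ';' AND, ',' OR."""
    def term(expr: str) -> bool:
        if "!=" in expr:
            name, value = expr.split("!=", 1)
            return str(attrs.get(name, "")) != value
        name, value = expr.split("==", 1)  # ValueError on malformed input
        return name in attrs and str(attrs[name]) == value
    # In FIQL ';' binds tighter than ',', so split on ',' first.
    return any(all(term(t) for t in conj.split(";"))
               for conj in condition.split(","))


@dataclass(frozen=True)
class DynRealm:
    name: str
    condition: str  # FIQL subset, see fiql_matches


def dyn_realms_of(entity: dict, realms) -> frozenset:
    """Names of all Dynamic Realms whose condition the entity matches."""
    return frozenset(r.name for r in realms
                     if fiql_matches(r.condition, entity))


def authorize(grants: dict, realms, action: str, before: dict, after=None):
    """Decide an action requested through Dynamic Realm grants only.

    grants maps a Dynamic Realm name to the entitlements the administrator
    holds on it, as built from the owned roles at authentication time.
    """
    if action in ("CREATE", "DELETE"):
        return False, f"{action} cannot be granted via Dynamic Realms"
    current = dyn_realms_of(before, realms)
    if not any(action in grants.get(name, ()) for name in current):
        return False, f"no Dynamic Realm of this entity grants {action}"
    if action == "UPDATE":
        resulting = dyn_realms_of(before if after is None else after, realms)
        if resulting != current:
            changed = ", ".join(sorted(resulting ^ current))
            return False, "update changes membership of: " + changed
    return True, "allowed"


# Constructed sample data.
REALMS = [
    DynRealm("sales", "department==sales"),
    DynRealm("hr", "department==hr"),
    DynRealm("external", "type==contractor,department==external"),
]
GRANTS = {"sales": {"UPDATE"}}
USER = {"username": "rossini", "department": "sales", "type": "employee"}

if __name__ == "__main__":
    for change in ({"phone": "555"}, {"department": "hr"},
                   {"type": "contractor"}):
        print(change, authorize(GRANTS, REALMS, "UPDATE", USER,
                                {**USER, **change}))
    print("DELETE", authorize(GRANTS, REALMS, "DELETE", USER))
```

The third sample update is rejected although the user stays in the realm the administrator holds: it adds the user to another Dynamic Realm, which changes the set the UPDATE limitation requires to stay fixed.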
  
 
 
 
  
 
 
  
 
 
 
 
 
 
 
 
 
 

[CONF] Apache Syncope > [DISCUSS] Social login

2017-05-09 Thread Francesco Chicchiricco (Confluence)

Francesco Chicchiricco created a page

[DISCUSS] Social login

This page contains topics supporting ongoing discussion at d...@syncope.apache.org.

Tracked as SYNCOPE-1018.

Requirements

Once this feature is implemented, it will be possible to log into the Admin Console, the Enduser UI (and any other Java EE web application) via OAuth 2.0.
A specialized use case is to allow new users to perform self-registration to Enduser UI (and to pre-populate some attributes) via their existing social accounts (Google, Facebook, Twitter, LinkedIn, ...).

An important requirement is to maintain all authentication / authorization aspects within the Syncope Core.

Design

Implementation

For several reasons - including the need to introduce additional library dependencies - the ideal candidate for this implementation is a new extension.
[CONF] Apache Syncope > Jazz

2017-04-18 Thread Francesco Chicchiricco (Confluence)

Francesco Chicchiricco edited a page

Jazz

...

SYNCOPE-1055 adds native support for the Flowable Java BPM Engine, besides the one based on Activiti.

Extended support for workflow sub-process management

SYNCOPE-1020 enhances the support for managing BPMN sub-processes, which can now be explicitly defined, managed via Activiti Modeler (if available) and invoked from the main process through the call-activity construct.

Authentication / Authorization improvements

... Moreover, with SYNCOPE-1015 it is now possible to configure which user attribute(s) can be passed as login name for authentication, besides username (default).

Issues

Bug
 
[SYNCOPE-1003] - Error when accessing notification tasks for a given user 
[SYNCOPE-1004] - Notification tasks generated for self read event not linked to user 
[SYNCOPE-1007] - NPE in Console when on an empty search term for user assignment 
[SYNCOPE-1008] - Maven home directory not trimmed of whitespace 
[SYNCOPE-1010] - Some PushActions methods not invoked even if assigned 
[SYNCOPE-1012] - Security answer not recognized during password reset 
[SYNCOPE-1013] - Password reset link generated by default notification template does not trigger Enduser UI features 
[SYNCOPE-1014] - The list of security questions is not refreshed after creating new one 
[SYNCOPE-1016] - Last change date not updated for users when attributes are updated via pull 
[SYNCOPE-1022] - UTF-8 characters in security questions not correctly encoded by Enduser UI 
[SYNCOPE-1023] - Maven projects from archetype deploy test content with 'all' profile 
[SYNCOPE-1024] - Enduser does not manages properly ENUM schema labels 
[SYNCOPE-1025] - SYNCOPEAUDIT table not populated 
[SYNCOPE-1026] - Cannot remove group owner once set 
[SYNCOPE-1027] - Mapping errors cannot be fixed when defining provision rules for a new resource 
[SYNCOPE-1030] - Invalid DefaultAccountRule definition from Admin Console 
[SYNCOPE-1032] - Role key must be not modifiable during edit from Admin Console 
[SYNCOPE-1033] - NPE in Admin Console when working with Reconciliation Report 
[SYNCOPE-1034] - Assigned Auxiliary classes disappear in the Type Extensions panel when click on cancel 
[SYNCOPE-1036] - Notification icon does not refresh on new approval event 
[SYNCOPE-1037] - Pending approvals list is clickable 
[SYNCOPE-1038] - User create: finish button should remain clickable if the last step is reached 
[SYNCOPE-1039] - User attributes in user edit/create form are reset after validation error 
[SYNCOPE-1040] - Membership derived attributes cannot reference own plain attributes 
[SYNCOPE-1042] - Removal of all executed pull tasks via bulk action returns a missing resource exception 
[SYNCOPE-1043] - Improve JWT token expiration handling 
[SYNCOPE-1044] - By editing the provisioning rules, modal footer is not disabled 
[SYNCOPE-1045] - Activiti Modeler: log out from Admin Console in case of error 
[SYNCOPE-1046] - Console: task execution sort not working properly 
[SYNCOPE-1048] - Into the connector configuration page the same bundle appear more then once if different versions exist 
[SYNCOPE-1049] - Console returns an error if you try to explore Syncope as a remote object 
[SYNCOPE-1051] - It is possible to schedule task execution in the past 
[SYNCOPE-1052] - Enduser CAPTCHA not reloading 
[SYNCOPE-1057] - Type extensions cleared after group update during pull 
[SYNCOPE-1060] - Date in membership attribute is propagated as timestamp 
[SYNCOPE-1062] - Changes pulled from one resource not propagated externally 
...

[CONF] Apache Syncope > Upgrade from 2.0.2 to 2.0.3

2017-04-18 Thread Francesco Chicchiricco (Confluence)

Francesco Chicchiricco edited a page

Upgrade from 2.0.2 to 2.0.3

...

Create a String multi-value configuration parameter named authentication.attributes with value 'username'
Create a Long configuration parameter named jwt.lifetime.minutes with value '120'
Edit the notification template with name requestPasswordReset (both in TEXT and HTML formats) and ensure that all the embedded links are updated from http://localhost:9080/syncope-enduser/app/#/confirmpasswordreset?token=${input.get(0).replaceAll(' ', '%20')} to http://localhost:9080/syncope-enduser/app/#!/confirmpasswordreset?token=${input.get(0).replaceAll(' ', '%20')}

...

Create Custom Task with

  name Access Token Cleanup Task
  class org.apache.syncope.core.provisioning.java.job.ExpiredAccessTokenCleanup
  cron expression '0 0/5 * * * ?'

Source changes

POM

In the root pom.xml:

change parent/version from 2.0.2 to 2.0.3
change properties/syncope.version from 2.0.2 to 2.0.3

core/pom.xml

copy the whole  element
download the updated file
replace, in the downloaded file, the  element with the one saved in the first step
move the downloaded file to core/pom.xml

console/pom.xml

copy the whole  element
download the updated file
replace, in the downloaded file, the  element with the one saved in the first step
move the downloaded file to console/pom.xml

enduser/pom.xml

copy the whole  element
download the updated file
replace, in the downloaded file, the  element with the one saved in the first step
move the downloaded file to enduser/pom.xml

Other

Replace the following files with their 2.0.3 counterparts (re-apply any customization previously made):

core/src/main/resources/securityContext.xml
core/src/main/resources/security.properties
core/src/main/resources/restCXFContext.xml
core/src/main/resources/log4j2.xml
all files under enduser/src/main/webapp/app/

Add the following files:

core/src/main/resources/all/saml2sp-logic.properties
console/src/main/resources/all/saml2sp-agent.properties
enduser/src/main/resources/all/saml2sp-agent.properties
[CONF] Apache Syncope > Upgrade from 2.0.2 to 2.0.3

2017-04-18 Thread Francesco Chicchiricco (Confluence)

Francesco Chicchiricco edited a page

Upgrade from 2.0.2 to 2.0.3

Before starting

Before starting the upgrade process, with 2.0.2 running, perform the following actions either via REST or Admin Console:

Create a String multi-value configuration parameter named authentication.attributes with value 'username'
Create a Long configuration parameter named jwt.lifetime.minutes with value '120'
Edit the notification template with name requestPasswordReset (both in TEXT and HTML formats) and ensure that all the embedded links are updated from http://localhost:9080/syncope-enduser/app/#/confirmpasswordreset?token=${input.get(0).replaceAll(' ', '%20')} to http://localhost:9080/syncope-enduser/app/#!/confirmpasswordreset?token=${input.get(0).replaceAll(' ', '%20')}

Moreover, execute the SQL query below on your internal storage:

    UPDATE ReportletConfInstance SET serializedInstance='{"@class":"org.apache.syncope.common.lib.report.ReconciliationReportletConf","name":"dashboardReconciliationReportlet","userMatchingCond":null,"groupMatchingCond":null,"anyObjectMatchingCond":null,"features":["key","username","groupName"]}' WHERE id='d6c2b475-4860-4eb1-8fde-618299c2a97c';

After completing

After completing the upgrade process, with 2.0.3 running, perform the following actions either via REST or Admin Console:

Create Custom Task with

  name Access Token Cleanup Task
  class org.apache.syncope.core.provisioning.java.job.ExpiredAccessTokenCleanup
  cron expression '0 0/5 * * * ?'

Source changes

POM

In the root pom.xml:

change parent/version from 2.0.2 to 2.0.3
change properties/syncope.version from 2.0.2 to 2.0.3

Other

Replace the following files with their 2.0.2 counterparts (re-apply any customization previously made): ...
[CONF] Apache Syncope > Upgrade from 2.0.2 to 2.0.3

2017-04-18 Thread Francesco Chicchiricco (Confluence)

Francesco Chicchiricco created a page

Upgrade from 2.0.2 to 2.0.3

POM

In the root pom.xml:

change parent/version from 2.0.2 to 2.0.3
change properties/syncope.version from 2.0.2 to 2.0.3

Other

Replace the following files with their 2.0.2 counterparts (re-apply any customization previously made):

core/src/main/resources/securityContext.xml
core/src/main/resources/restCXFContext.xml
core/src/main/resources/log4j2.xml
all files under enduser/src/main/webapp/app/
[CONF] Apache Syncope > Apache Syncope 2.0 Primer

2017-03-20 Thread Francesco Chicchiricco (Confluence)

Francesco Chicchiricco created a page

Apache Syncope 2.0 Primer

[CONF] Apache Syncope > [DISCUSS] SAML 2.0 Service Provider feature

2017-03-07 Thread Francesco Chicchiricco (Confluence)

Francesco Chicchiricco edited a page

[DISCUSS] SAML 2.0 Service Provider feature

...

both for IdP-initiated and SP-initiated scenarios, the new SAML 2.0 SP Agent will take care of the SAML 2.0 assertion exchange with user's browser
the actual assertion generation and validation is performed by invoking the Syncope Core via REST (for this reason the IdP metadata will be maintained by the Core); at the end of the process, a JWT (introduced by SYNCOPE-1035) will be returned by the Core to the SAML 2.0 SP Agent
the new SAML 2.0 SP Agent will store the JWT received by the Syncope Core into the Java EE web application's session
the Java EE web application will use the JWT for invoking the Syncope Core

[Image]

Implementation

For several reasons - including the need to introduce additional library dependencies for manipulating SAML 2.0 assertions - the ideal candidate for this implementation is a new extension. ...
[CONF] Apache Syncope > [DISCUSS] SAML 2.0 Service Provider feature

2017-03-07 Thread Francesco Chicchiricco (Confluence)

Francesco Chicchiricco edited a page

[DISCUSS] SAML 2.0 Service Provider feature

This page contains topics supporting ongoing discussion at d...@syncope.apache.org.

Tracked as SYNCOPE-1041.

Requirements

Once this feature is implemented, it will be possible to log into the Admin Console, the Enduser UI (and any other Java EE web application) by using the Web Browser SSO Profile and an external SAML 2.0 Identity Provider. ...

[CONF] Apache Syncope > [DISCUSS] SAML 2.0 Service Provider feature

2017-03-07 Thread Francesco Chicchiricco (Confluence)
Francesco Chicchiricco created a page

[DISCUSS] SAML 2.0 Service Provider feature

This page contains topics supporting ongoing discussion at d...@syncope.apache.org.

Tracked as SYNCOPE-10XX.

Requirements

Once this feature is implemented, it will be possible to log into the Admin Console, the Enduser UI (and any other Java EE web application) by using the Web Browser SSO Profile and an external SAML 2.0 Identity Provider.
An important requirement is to maintain all authentication / authorization aspects within the Syncope Core.

Design

The idea is to provide a new Java EE web-fragment named SAML 2.0 SP Agent, meant to be deployed, as a separate JAR file, alongside the Admin Console, the Enduser UI (and any other Java EE web application).
The operation flow will be roughly as follows:

both for IdP-initiated and SP-initiated scenarios, the new SAML 2.0 SP Agent will take care of the SAML 2.0 assertion exchange with the user's browser
the actual assertion generation and validation is performed by invoking the Syncope Core via REST (for this reason the IdP metadata will be maintained by the Core); at the end of the process, a JWT (introduced by SYNCOPE-1035) will be returned by the Core to the SAML 2.0 SP Agent
the new SAML 2.0 SP Agent will store the JWT received from the Syncope Core in the Java EE web application's session
the Java EE web application will use the JWT for invoking the Syncope Core

Implementation

For several reasons - including the need to introduce additional library dependencies for manipulating SAML 2.0 assertions - the ideal candidate for this implementation is a new extension.
The OpenSAML 3.0 library looks like an adequate fit for this job.


[CONF] Apache Syncope > Create a new Syncope project

2017-02-15 Thread Francesco Chicchiricco (Confluence)
Francesco Chicchiricco edited a page

Create a new Syncope project

... If you want to test a snapshot release, be sure to:

change

Code Block
http://repo1.maven.org/maven2

to

Code Block
mvn org.apache.maven.plugins:maven-archetype-plugin:2.4:generate \
-DarchetypeGroupId=org.apache.syncope \
-DarchetypeArtifactId=syncope-archetype \
-DarchetypeRepository=http://repository.apache.org/content/repositories/snapshots \
-DarchetypeVersion=1.2.11-SNAPSHOT

in the mvn command above

add the following code right before  in root pom.xml of the generated project:

Code Block
<repositories>
  <repository>
    <id>ASF</id>
    <url>https://repository.apache.org/content/repositories/snapshots/</url>
    <snapshots>
      <enabled>true</enabled>
    </snapshots>
  </repository>
</repositories>

...


[CONF] Apache Syncope > Jazz

2017-01-31 Thread Francesco Chicchiricco (Confluence)
Francesco Chicchiricco edited a page

Jazz

...

case-insensitive search, selectable via REST and available by default from the Admin Console
Enduser application's default HTML / CSS template now responsive
sample External Resource provided, using the Scripted REST connector
Apache FOP upgraded to the latest stable version available, providing major enhancements to report export as PDF and RTF
brand new Log Viewer, which provides full access to Core logs from the Admin console.

Image Added

Upgrading from 2.0.1? There are some notes about this process. ...


[CONF] Apache Syncope > Upgrade from 2.0.1 to 2.0.2

2017-01-31 Thread Francesco Chicchiricco (Confluence)
Francesco Chicchiricco edited a page

Upgrade from 2.0.1 to 2.0.2

... Replace the following files with their 2.0.2 counterparts (re-apply any customization previously made):

core/src/main/resources/securityContext.xml
core/src/main/resources/restCXFContext.xml
core/src/main/resources/log4j2.xml
all files under enduser/src/main/webapp/app/


[CONF] Apache Syncope > Jazz

2017-01-30 Thread Francesco Chicchiricco (Confluence)
Francesco Chicchiricco edited a page

Jazz

... The second maintenance release for Syncope 2.0 Jazz addressing some bugs and providing improvements, both on the Admin Console and Enduser application.

Most noticeable changes:

case-insensitive search, selectable via REST and available by default from the Admin Console
Enduser application's default HTML / CSS template now responsive
sample External Resource provided, using the Scripted REST connector
Apache FOP upgraded to the latest stable version available, providing major enhancements to report export as PDF and RTF
brand new Log Viewer, which provides full access to Core logs from the Admin console.

Upgrading from 2.0.1? There are some notes about this process. ...


[CONF] Apache Syncope > Jazz

2017-01-30 Thread Francesco Chicchiricco (Confluence)
Francesco Chicchiricco edited a page

Jazz

... The second maintenance release for Syncope 2.0 Jazz addressing some bugs and providing improvements, both on the Admin Console and Enduser application.

Additionally, the brand new Log Viewer is provided, which provides full access to Core logs from the Admin console.

Upgrading from 2.0.1? There are some notes about this process. ...


[CONF] Apache Syncope > Upgrade from 2.0.1 to 2.0.2

2017-01-30 Thread Francesco Chicchiricco (Confluence)
Francesco Chicchiricco created a page

Upgrade from 2.0.1 to 2.0.2

POM

In the root pom.xml:

change parent/version from 2.0.1 to 2.0.2
change properties/syncope.version from 2.0.1 to 2.0.2

Other

Replace the following files with their 2.0.2 counterparts (re-apply any customization previously made):

enduser/src/main/resources/enduser.properties
all files under enduser/src/main/webapp/app/


[CONF] Apache Syncope > Upgrade from 1.2.9 to 1.2.10

2017-01-27 Thread Francesco Chicchiricco (Confluence)
Francesco Chicchiricco edited a page

Upgrade from 1.2.9 to 1.2.10

...

change parent/version from 1.2.9 to 1.2.10
change properties/syncope.version from 1.2.9 to 1.2.10

...

Other

SYNCOPE-971

Replace the following file with its 1.2.8 counterpart:

core/src/main/resources/securityContext.xml

SYNCOPE-999

Replace the following file with its 1.2.8 counterpart:

core/src/main/resources/restContext.xml


[CONF] Apache Syncope > Intermezzo

2017-01-27 Thread Francesco Chicchiricco (Confluence)
Francesco Chicchiricco edited a page

Intermezzo

1.2.10 (January 24th, 2017)

Upgrading from 1.2.9? There are some notes about this.

Bug

[SYNCOPE-963] - Various content upgrade "edge case" failures
[SYNCOPE-965] - Cron expression for scheduled job is not saved from the console
[SYNCOPE-973] - NotFound error returned by user create under high load
[SYNCOPE-975] - Search case insensitive ilike operator triggers search validation
[SYNCOPE-976] - Duplicated events shown by admin console for notifications and audit
[SYNCOPE-999] - REST exception mapper overwrites Spring Security response

Improvement

[SYNCOPE-971] - Case insensitive search
[SYNCOPE-983] - Search performance improvement with mandatory schemas only

1.2.9 (October 7th, 2016)

Upgrading from 1.2.8? There are some notes about this.

Bug

[SYNCOPE-876] - Fake after object reported by propagation in case of delete
[SYNCOPE-923] - Sync / Pull task not configured for delete causes incremental sync to prematurely stop
[SYNCOPE-928] - Table that stores user passwords store duplicate entries
[SYNCOPE-929] - Braces are ignored for FIQL strings
[SYNCOPE-936] - Sync token reset to NULL when no SyncDelta items are available
[SYNCOPE-939] - Password history not checked when user changes password
[SYNCOPE-943] - Security question gets deleted when changing a user attribute in the console
[SYNCOPE-954] - Wicket exception when running an enable or disable action

Improvement

[SYNCOPE-877] - Better handling of not found exception logged at global policy retrieval time
[SYNCOPE-949] - Leave WebApplicationException to default processing

...

Upgrading from 1.2.7? There are some notes about this.

Bug

[SYNCOPE-768] - Missing records in case of user list ordered by nullable schema
[SYNCOPE-769] - Sync performance decrease
[SYNCOPE-800] - Synchronization fails in case of accountId mapped on derived attribute starting with literal
[SYNCOPE-840] - REST API doc url breaks without trailing slash

Improvement

[SYNCOPE-767] - Password Policy: mustn't contain value of the following attributes case insensitive
[SYNCOPE-804] - Support the explanation of the Connector Configuration properties
[SYNCOPE-815] - Configure standalone to log under $CATALINA_HOME/logs
[SYNCOPE-855] - Synchronization token management enhancement in case of errors
[SYNCOPE-858] - Ensure afterObject is provided after propagation

...

Upgrading from 1.2.6? There are some notes about this.

Bug

[SYNCOPE-729] - Skipped remote update during resource assignment if connector CREATE capability is not provided
[SYNCOPE-735] - Activiti history tables uncontrolled growth
[SYNCOPE-739] - Virtual attributes are not updated after a sync task
[SYNCOPE-741] - Tasks page unusable when a task has thousand executions

Improvement

[SYNCOPE-748] - Selectively delete task and report executions
[SYNCOPE-751] - Preview for PDF binary values

1.2.6 (November 5th, 2015)

Bug

[SYNCOPE-686] - Indirect LDAP resource provisioning fails on missing password
[SYNCOPE-691] - Multivalue virtual attribute does not work
[SYNCOPE-702] - Documentation issue on Architecture section
[SYNCOPE-707] - ConfigurationLogic doesn't check the existence of key during deletion.
[SYNCOPE-710] - Password propagation not occurring if other updates are set on different resources
[SYNCOPE-712] - Error while searching roles by parent
[SYNCOPE-716] - Cannot specify conversion pattern during schema creation
[SYNCOPE-717] - Inconsistent double attribute value management

Improvement

[SYNCOPE-708] - Conform the Logger "service stack" to others

...

Upgrading from 1.2.4? There are some notes about this.

Bug

[SYNCOPE-668] - JobInstanceLoader class is not able to return the correct Task id or Report id from its job name
[SYNCOPE-669] - Search filter in the notifications doesn't work properly
[SYNCOPE-670] - Propagation miss all UserMod's changes performed by the Activiti update service task
[SYNCOPE-671] - Changed password value is not propagated to external resources on successful password reset
[SYNCOPE-672] - Console doesn't display the right condition when configuring a search filter with a resource
[SYNCOPE-673] - Null ids in SyncJob report
[SYNCOPE-677] - Cannot override console's landing page
[SYNCOPE-678] - Password generation fails with no password policy or no min / max length
[SYNCOPE-682] - NPE when defining resources for pass-through authentication
[SYNCOPE-683] - Cannot unassign and reassign role with membership attrs to user
[SYNCOPE-684] - Password not updated on external resources from self-service

Improvement

[SYNCOPE-660] - Extend control over asynchronous job execution
[SYNCOPE-667] - simplification of admin roles fil

[CONF] Apache Syncope > Upgrade from 1.2.9 to 1.2.10

2017-01-27 Thread Francesco Chicchiricco (Confluence)
Francesco Chicchiricco created a page

Upgrade from 1.2.9 to 1.2.10

POM

In the root pom.xml:

change parent/version from 1.2.9 to 1.2.10
change properties/syncope.version from 1.2.9 to 1.2.10


[CONF] Apache Syncope > Create a new Syncope project

2017-01-27 Thread Francesco Chicchiricco (Confluence)
Francesco Chicchiricco edited a page

Create a new Syncope project

...

Code Block
mvn archetype:generate \
-DarchetypeGroupId=org.apache.syncope \
-DarchetypeArtifactId=syncope-archetype \
-DarchetypeRepository=http://repo1.maven.org/maven2 \
-DarchetypeVersion=1.2.10

The archetype is configured with default values for all properties required by the archetype. If you want to customize any of these property values, type 'n' when prompted for confirmation. ...


[CONF] Apache Syncope > Git workflow

2016-12-27 Thread Francesco Chicchiricco (Confluence)
Francesco Chicchiricco edited a page

Git workflow

...

Code Block (bash)
git config --global branch.autosetuprebase always

With the config setting reported above, any git pull will be transparently handled by Git as if it was git pull --rebase.

Especially if working on MS Windows, be sure to properly handle line endings:

Code Block (bash)
git config core.autocrlf true

Prepare your fork

The first thing to do is to make sure you have the syncope Git repository configured as a remote. In this case we will add it as a remote called syncope: ...


[CONF] Apache Syncope > Upgrade from 2.0.0 to 2.0.1

2016-10-21 Thread Francesco Chicchiricco (Confluence)
Francesco Chicchiricco created a page

Upgrade from 2.0.0 to 2.0.1

POM

In the root pom.xml:

change parent/version from 2.0.0 to 2.0.1
change properties/syncope.version from 2.0.0 to 2.0.1

Other

Replace the following files with their 2.0.1 counterparts (re-apply any customization previously made):

enduser/src/main/resources/enduser.properties
all files under enduser/src/main/webapp/app/


[CONF] Apache Syncope > Roadmap

2016-10-10 Thread Francesco Chicchiricco (Confluence)
Francesco Chicchiricco edited a page

Roadmap

...

[SYNCOPE-129] Delegation
[SYNCOPE-152] Support SCIM REST API
[SYNCOPE-534] OAuth 2.0 Service Provider
[SYNCOPE-699] Apache Shiro integration
[SYNCOPE-956] Allow JavaScript-based customizations
[SYNCOPE-957] Multiaccount

3.0.0 (Maggiore)

Issues

See updated list on project's JIRA. ...


[CONF] Apache Syncope > Roadmap

2016-10-10 Thread Francesco Chicchiricco (Confluence)
Francesco Chicchiricco edited a page

Roadmap

...

[SYNCOPE-129] Delegation
[SYNCOPE-152] Support SCIM REST API
[SYNCOPE-534] OAuth 2.0 Service Provider
[SYNCOPE-699] Apache Shiro integration
[SYNCOPE-956] Allow JavaScript-based customizations

3.0.0 (Maggiore)

Issues

See updated list on project's JIRA. ...


[CONF] Apache Syncope > Create a new Syncope project

2016-10-10 Thread Francesco Chicchiricco (Confluence)
Francesco Chicchiricco edited a page

Create a new Syncope project

...

Code Block
mvn archetype:generate \
-DarchetypeGroupId=org.apache.syncope \
-DarchetypeArtifactId=syncope-archetype \
-DarchetypeRepository=http://repo1.maven.org/maven2 \
-DarchetypeVersion=1.2.9

The archetype is configured with default values for all properties required by the archetype. If you want to customize any of these property values, type 'n' when prompted for confirmation. ...


[CONF] Apache Syncope > Upgrade from 1.2.8 to 1.2.9

2016-10-07 Thread Francesco Chicchiricco (Confluence)
Francesco Chicchiricco edited a page

Upgrade from 1.2.8 to 1.2.9

...

change parent/version from 1.2.8 to 1.2.9
change properties/syncope.version from 1.2.8 to 1.2.9

Other

SYNCOPE-855

Upgrade all ConnId connector bundles to their respective latest versions; in particular:

CSV Directory 0.8.5
LDAP 1.4.1
Database Table 2.2.4
Active Directory (JNDI) 1.2.6

SYNCOPE-840

Replace the following file with its 1.2.8 counterpart:

core/src/main/webapp/WEB-INF/web.xml

Add the following file:

core/src/main/webapp/docRedirect.jsp

SYNCOPE-769

Replace the following files with their 1.2.8 counterpart:

core/src/main/resources/workflow.properties
core/src/main/resources/workflowContext.xml


[CONF] Apache Syncope > Upgrade from 1.2.8 to 1.2.9

2016-10-07 Thread Francesco Chicchiricco (Confluence)
Francesco Chicchiricco created a page

Upgrade from 1.2.8 to 1.2.9

POM

In the root pom.xml:

change parent/version from 1.2.7 to 1.2.8
change properties/syncope.version from 1.2.7 to 1.2.8

Other

SYNCOPE-855

Upgrade all ConnId connector bundles to their respective latest versions; in particular:

CSV Directory 0.8.5
LDAP 1.4.1
Database Table 2.2.4
Active Directory (JNDI) 1.2.6

SYNCOPE-840

Replace the following file with its 1.2.8 counterpart:

core/src/main/webapp/WEB-INF/web.xml

Add the following file:

core/src/main/webapp/docRedirect.jsp

SYNCOPE-769

Replace the following files with their 1.2.8 counterpart:

core/src/main/resources/workflow.properties
core/src/main/resources/workflowContext.xml


[CONF] Apache Syncope > REST API upgrade

2016-10-06 Thread Francesco Chicchiricco (Confluence)
Francesco Chicchiricco edited a page

REST API upgrade

Note: Version warning

In Syncope 1.1.0 a new REST interface was introduced (referred to as new in the following). It is exposed in 1.1.0 by default under /cxf.
The REST interface available in 1.0.X (referred to as old in the following) is still present but will be removed from releases >= 1.2.0. It is exposed by default in 1.1.X under /rest

Starting with 2.0.0 the Reference Guide is available.

This page shall give you an overview of old and new REST API.

The main focus of the REST interface redesign was to apply RESTful Best Practices ...

Old URL | New URL | Comment
POST /connector/create | POST /connectors | Creates a new connector instance.
GET /connector/read/{connectorId} | GET /connectors/{connectorId} | Returns connector with matching id.
GET /connector/list?lang={lang} | GET /connectors?lang={lang} | Returns a list of all connectors. Default language is English.
POST /connector/update | PUT /connectors/{connectorId} | Overwrites connector with matching key.
GET /connector/delete/{connectorId} | DELETE /connectors/{connectorId} | Deletes connector with matching id.

Old URL | New URL | Comment
GET /connector/bundle/list?lang={lang} | GET /connectors/bundles?lang={lang} | Returns known bundles. Default language is English.
POST /connector/schema/list?showall={showall} | POST /connectors/{connectorId}/schemas?showAll={showall} | Returns schema names for connector. Default is showAll=false.
GET /connector/{connectorId}/configurationProperty/list | GET /connectors/{connectorId}/configuration | Returns configuration for selected connector.
POST /connector/check | POST /connectors/check | Checks if a connection can be established.
GET /connector/{resourceName}/readByResource | GET /connectors;resourceName={connectorId} | Returns connector for resourceName.
POST /connector/reload | POST /connectors/reload | Reload all connector bundles and instances.

...

Old URL | New URL | Comment
POST /report/create | POST /reports | Creates a new report.
GET /report/read/{reportId} | GET /reports/{reportId} | Returns report with matching reportId.
GET /report/list | GET /reports | Returns a list of all reports.
GET /report/list/{page}/{size} | GET /reports?page={page}&size={size} | Returns a list of reports according to pagination.
POST /report/count | POST /reports/count | Returns number of existing reports.
POST /report/update | PUT /reports/{reportId} | Updates report with matching reportId.
GET /report/delete/{reportId} | DELETE /reports/{reportId} | Deletes report with matching id.

Old URL | New URL | Comment
POST /report/execute/{reportId} | POST /reports/{reportId}/execute | Executes report and returns execution result.
GET /report/execution/read/{executionId} | GET /reports/executions/{executionId} | Returns execution report.
GET /report/execution/export/{executionId}?fmt={format} | GET /reports/executions/{executionId}/dbDump?format={format} | Returns execution report as a downloadable file. Format is optional.
GET /report/execution/delete/{executionId} | DELETE /reports/executions/{executionId} | Deletes execution report with matching id.

Old URL | New URL | Comment
GET /report/reportletConfClasses | GET /reports/reportletConfClasses | Returns a list of all reportletConfClasses.

...

Old URL | New URL | Comment
GET /user/activate/{userId} | POST /users/{userId}/status/activate | Activates matching user account.
GET /user/activateByUsername/{username} | POST /user/activateByUsername/{username} | Activates matching user account.
GET /user/reactivate/{userId} | POST /users/{userId}/status/reactivate | Reactivates new user account.
GET /user/reactivateByUsername/{username} | POST /user/reactivateByUsername/{username} | Reactivates new user account.
GET /user/suspend/{userId} | POST /users/{userId}/status/suspend | Suspends user account.
GET /user/suspendByUsername/{username} | POST /user/suspendByUsername/{username} | Suspends user account.

...


[CONF] Apache Syncope > Roadmap

2016-09-12 Thread Francesco Chicchiricco (Confluence)
Francesco Chicchiricco edited a page

Roadmap

...

2. ...

Issues

See updated list on project's JIRA.

[SYNCOPE-494] Set Java 7 as minimum requirement
[SYNCOPE-120] Avoid duplication in console's authorization management
[SYNCOPE-119] Realm-based authorization
[SYNCOPE-652] Domains
[SYNCOPE-666] Any objects
[SYNCOPE-139] Support OpenICF connector bundles
[SYNCOPE-692] List and search on external resources
[SYNCOPE-140] Dynamic role and group memberships
[SYNCOPE-141] Concurrent propagation
[SYNCOPE-142] Asynchronous propagation
[SYNCOPE-156] New admin UI
[SYNCOPE-158] CLI admin tool
[SYNCOPE-690] Must change password at next login
[SYNCOPE-700] Documentation artifacts
[SYNCOPE-704] Swagger extension

2.1.0 (Fusion)

Issues

See updated list on project's JIRA.

[SYNCOPE-129] Delegation
[SYNCOPE-152] Support SCIM REST API
[SYNCOPE-534] OAuth 2.0 Service Provider
[SYNCOPE-699] Apache Shiro integration

3.0.0 (Maggiore)

Issues

See updated list on project's JIRA.

[SYNCOPE-161] Pluggable authentication modules
[SYNCOPE-162] PDC-based authentication
[SYNCOPE-163] Authentication chain
[SYNCOPE-165] One-time password
[SYNCOPE-167] Resource access policies

4.0.0 (Notturno)

Issues

See updated list on project's JIRA. ...


[CONF] Apache Syncope > Jazz

2016-09-12 Thread Francesco Chicchiricco (Confluence)
Title: Message Title



 
 
 
 
 
 
 

Francesco Chicchiricco edited a page 
 
 
  
 
 
 
 
 
 
 
  
 
 
 
 
 
 
 
 
 
 
 
 
 
 
Jazz 
 
 
  
 
 
 
 
 
 
  
 
 
 
 Table of Contents 
 
 
 
 
 
 
 
 
maxLevel 
1 
 
 
style 
decimal 
 
 
  
 
 
   2.0.0 (September 9th, 2016)   The first stable version of Syncope 2.0 Jazz is finally available, finalizing almost 2 years of community effort.   What's new  
 
 
 Identity Recertification  
 Migration guide from Apache Syncope 1.2  
 
  Bug  
 
 [SYNCOPE-738] - Startup errors with Wildfly due to Camel route loading  
 [SYNCOPE-929] - Braces are ignored for FIQL strings  
 [SYNCOPE-930] - Exception when dropping the last "Base Contexts to Synchronize" from LDAP connector  
 [SYNCOPE-931] - Error in Camel route causes subsequent failures  
 [SYNCOPE-933] - Dashboard: status COMPLETE is reported for running jobs  
 [SYNCOPE-934] - Bad form (including login) appearance with IE 11  
 [SYNCOPE-935] - Attribute 'type' shouldn't be available to create a group filter  
 [SYNCOPE-936] - Sync token reset to NULL when no SyncDelta items are available  
  Improvement  
 
 [SYNCOPE-853] - Add AngularJS tests for enduser  
 [SYNCOPE-926] - Syncope 2.x startup improvements  
 [SYNCOPE-932] - Search UI improvements  
  New Feature  
 
 [SYNCOPE-880] - Identity Recertification  

2.0.0.M5 (September 2nd, 2016)

The last milestone release from the new major series Syncope 2.0 Jazz is now available, bearing a relevant number of fixes and improvements over 2.0.0-M4.

What's new

Eclipse IDE Plugin
 
 The Eclipse IDE plugin allows remote management of notification e-mail and report templates, and constitutes an example of a Java application relying on the Client Library for interacting with the Core via REST.  
The plugin was developed as part of Google Summer of Code 2016. 
 Documentation  
 
Possibly the major, long-lasting, most claimed missing feature of open source projects in general, and Apache Syncope in particular. 
 The brand new Getting Started guide and Reference Guide are now complete and available.  
Migrating from older releases 
The supporting tools are available and the procedure is now outlined and ready to be embedded into the Reference Guide. 
 
 ... 
 
[SYNCOPE-809] - Eclipse plugin 
  Bug  
 
[SYNCOPE-872] - Type extensions not considered for user form 
[SYNCOPE-878] - Failure on bulk deletion of users 
[SYNCOPE-879] - Auto-completion not working for internal and external attribute names 
[SYNCOPE-881] - Users not removed from transitive external resources when deleted 
[SYNCOPE-883] - Can't access REST API via browser 
[SYNCOPE-884] - Error in REST API when specifying application/xml accept header 
[SYNCOPE-886] - Error enabling/disabling user on a single resource
[SYNCOPE-887] - Hidden password in pull task user template 
[SYNCOPE-888] - No error thrown if resource mapping internal attribute doesn't exist 
[SYNCOPE-891] - Resource Provisioning Error 
[SYNCOPE-892] - RuntimeException when resizing tables 
[SYNCOPE-893] - International characters in group name 
[SYNCOPE-898] - Cannot set realm in user / group / any object templates for pull task 
[SYNCOPE-899] - neighborhood relationship type has no description 
[SYNCOPE-900] - Can't edit Camel routes in Console 
[SYNCOPE-901] - Syncope 2.0.0.X maven source artifacts missing 
[SYNCOPE-905] - Wrong entitlement evaluation 
[SYNCOPE-907] - Creating any object with relationship to another results in self-relationship 
[SYNCOPE-908] - Exception when searching for any object to fill relationship 
[SYNCOPE-911] - Enduser should allow empty values on non required select fields 
[SYNCOPE-912] - Registered users receive an error message after saving their own profile 
[SYNCOPE-915] - When changing connector's display name, the topology is not refreshed 
[SYNCOPE-916] - Content exporter includes unwanted items 
[SYNCOPE-918] - When a user has been successfully updated, logout link doesn't bring back to home page. 
[SYNCOPE-921] - Approval list not reloaded after approve/reject operations 
[SYNCOPE-923] - Sync / Pull task not configured for delete causes incremental sync to prematurely stop 
[SYNCOPE-927] - User creation randomly fails if captcha check has been disabled
[SYNCOPE-928] - Table that stores user passwords store duplicate entries 
  Improvement  
 
[SYNCOPE-700] - Documentation artifacts 
[SYNCOPE-854] - Uploaded file preview for enduser 
[SYNCOPE-894] - Allow international characters in username, group's and any object's names 
[SYNCOPE-895] - Enable Secure Processing on all DocumentBuilderFactory/TransformerFactory instances
[SYNCOPE-896] - Non-mandatory DropDown attributes should show a blank value when no value is specified 
[SYNCOPE-902] - Provide helper method to retrieve all the groups of a user 
[SYNCOPE-906] - Allow reference to username and group / any object name as search parameters 
[SYNCOPE-909] - Consolidate Camel Processors 
[SYNCOPE-910] - Introduce new Camel propagation component 
[SYNCOPE-913]

[CONF] Apache Syncope > FAQ

2016-08-26 Thread Francesco Chicchiricco (Confluence)

Francesco Chicchiricco edited a page

FAQ

...

I get the error "WorkflowException: ... No outgoing sequence flow..." when updating a user

When the Activiti workflow adapter is enabled, this means that the given user has a workflow state for which no update is allowed. Such constraints are contained in the default workflow XML definition that can be extended and customized through the administration

If you want instead to allow such transitions, you will need to update the workflow definition accordingly, through the admin console.

I get the error "An error occurred while registering a ClassTransformer with PersistenceUnitInfo..." during startup

...
 
 
 
 Code Block 
 
 
 
 
   
org.codehaus.cargo
cargo-maven2-plugin
true

  
18
  
 
 
...

Sync / Pull Task Execution report not generated when large number of users (e.g. 1000+) exist in MySQL

We can track the cause if we see errors in the core.log as follows:

...

mysql> describe TaskExec;
+-----------+--------------+------+-----+---------+-------+
| Field     | Type         | Null | Key | Default | Extra |
+-----------+--------------+------+-----+---------+-------+
| id        | bigint(20)   | NO   | PRI | NULL    |       |
| endDate   | datetime     | YES  |     | NULL    |       |
| message   | mediumtext   | YES  |     | NULL    |       |
| startDate | datetime     | YES  |     | NULL    |       |
| status    | varchar(255) | NO   |     | NULL    |       |
| TASK_ID   | bigint(20)   | YES  | MUL | NULL    |       |
+-----------+--------------+------+-----+---------+-------+
6 rows in set (0.00 sec)
  
 
 
After ... sync / pull, users do not get assigned any external resource

By default, users are created in Syncope after sync / pull only with data provided by the synchronizing external resource. If you want to enrich such users, upon create or update after sync / pull, you need to provide a UserTemplate for the related Synchronization Task. Note that this mechanism allows adding various details to synchronizing / pulled users: password, attributes, resources, roles, etc.

...

Include the following information: (<= 1.2.x)
 
 
 
 Code Block 
 
 
 
 
 [REST]:[AuthenticationController]:[]:[login]:[SUCCESS]
[REST]:[AuthenticationController]:[]:[login]:[FAILURE]  
 
 
 ...  
 
 
  
 
 
 
 
 
 
 
 
 
 

 
 
  
 
 
 
 
 
 
 
 
 




[CONF] Apache Syncope > Git workflow

2016-07-01 Thread Francesco Chicchiricco (Confluence)

Francesco Chicchiricco edited a page

Git workflow

...

The following Git workflow is just a proposal so users can follow it when creating pull requests, to make sure we will be able to merge them without issues.

Preliminary: Git configuration

Unintentional merge commits can make commit history harder to read. In order to prevent this, the following setting can be set:

git config --global branch.autosetuprebase always

With the config setting reported above, any git pull will be transparently handled by Git as if it was git pull --rebase.

Prepare your fork

The first thing to do is to make sure you have the syncope Git repository configured as a remote. In this case we will add it as a remote called syncope:

...
 
 
  
 
 
 
 
 
 
 
 
 
 

This message was sent by Atlassian Confluence 5.8.4  
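
The rebase setting from the Git workflow page above, exercised in a throwaway repository; this is an added example, not part of the original wiki page. It redirects HOME (an assumption made here so that the real ~/.gitconfig is untouched) and shows that Git records the rebase flag per branch when a tracking branch is created, so a branch that existed before the setting keeps its previous pull behaviour.

```shell
#!/bin/sh
# Added example: which branches does branch.autosetuprebase actually affect?
# Everything runs in a temporary directory; the repositories are constructed here.

autosetuprebase_demo() {
    tmp=$(mktemp -d) || return 1
    (
        # Isolate from system and user configuration so the result is repeatable
        # and "--global" below writes to $tmp/.gitconfig, not the real one.
        HOME="$tmp"; export HOME
        GIT_CONFIG_NOSYSTEM=1; export GIT_CONFIG_NOSYSTEM
        unset XDG_CONFIG_HOME
        cd "$tmp" || exit 1

        # Constructed upstream repository with a single empty commit.
        git init -q upstream >/dev/null 2>&1 || exit 1
        git -C upstream -c user.name=demo -c user.email=demo@example.invalid \
            commit -q --allow-empty -m "initial commit" >/dev/null 2>&1 || exit 1
        base=$(git -C upstream symbolic-ref --short HEAD)

        # Clone BEFORE the setting exists: the default branch gets no rebase flag.
        git clone -q upstream fork >/dev/null 2>&1 || exit 1
        cd fork || exit 1
        before=$(git config --get "branch.$base.rebase" || echo unset)

        # The setting from the page.
        git config --global branch.autosetuprebase always

        # A tracking branch created AFTER the setting is marked rebase=true,
        # which is what makes a plain "git pull" behave like "git pull --rebase".
        git checkout -q -b topic --track "origin/$base" >/dev/null 2>&1 || exit 1
        after=$(git config --get branch.topic.rebase || echo unset)

        # The branch that already existed is not rewritten retroactively.
        still=$(git config --get "branch.$base.rebase" || echo unset)

        echo "existing=$before new=$after existing_after=$still"
    )
    rc=$?
    rm -rf "$tmp"
    return $rc
}
```

For a branch created before the setting, `git config branch.<name>.rebase true` gives the same per-branch behaviour.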
 
 
  
 
 
 
 
 
 
 
 
 




[CONF] Apache Syncope > Jazz

2016-06-27 Thread Francesco Chicchiricco (Confluence)

Francesco Chicchiricco edited a page

Jazz

2.0.0-M4 (June 24th, 2016)

The fourth milestone release from the new major series Syncope 2.0 Jazz is now available, bearing a relevant number of fixes and improvements over 2.0.0-M3.

Bug
 
 [SYNCOPE-845] - Type extensions not considered for user and any objects forms  
 [SYNCOPE-863] - Pull policy correlation rule plain attributes palette doesn't work fine  
 [SYNCOPE-865] - Random ConcurrentModificationException reported in the logs  
 [SYNCOPE-867] - Creating a new notification template the list of available templates are not updated after submit  
 [SYNCOPE-868] - Submit and cancel button not available in create report template modal page  
 [SYNCOPE-869] - Missing notification in case of success after create and update  
 [SYNCOPE-875] - Can't test LDAP Connector in admin console  
 [SYNCOPE-876] - Fake after object reported by propagation in case of delete  
  Improvement  
 
 [SYNCOPE-827] - Allow to specify user / group / any object filters for push tasks  
 [SYNCOPE-829] - Use actual pagination for resource explore  
 [SYNCOPE-852] - Add a good title including report/reportlet name modal used to edit report and reportlet  
 [SYNCOPE-862] - Membership and type extension improvements  
 [SYNCOPE-866] - Check for existence of key before adding template  
 [SYNCOPE-870] - Refer to users and groups by their names in Activiti workflow definition  
 [SYNCOPE-871] - Link NumberWidgets on the dashboard to their respective pages  
 [SYNCOPE-873] - Remove list() methods from User, Group and AnyObject REST APIs  
  New Feature  
 
 [SYNCOPE-721] - Enduser i18n  
 [SYNCOPE-859] - External Resource bulk operations  
 [SYNCOPE-860] - Allow listing group / role members  
 [SYNCOPE-864] - Support for Payara  
 [SYNCOPE-874] - Realm provisioning  

2.0.0-M3 (June 3rd, 2016)

The third milestone release from the new major series Syncope 2.0 Jazz is now available, bearing a relevant number of fixes and improvements over 2.0.0-M2.

...
 
[SYNCOPE-719] - UI enhancements 
[SYNCOPE-745] - Complete Configuration 
[SYNCOPE-765] - Provide approval management 
  Bug  
 
[SYNCOPE-737] - UserWizardBuilder, the store internally password flag is not set properly 
[SYNCOPE-781] - Activiti Modeler breaks deployment from installer 
[SYNCOPE-783] - DateTime fields not correctly handled in Enduser 
[SYNCOPE-792] - Improve JEXL information text for "mandatory" when creating a new schema attribute 
[SYNCOPE-793] - "Password" keys missing when creating a resource mapping
[SYNCOPE-798] - Once authenticated to enduser, "Cancel" brings nowhere 
[SYNCOPE-799] - Do not allow admin user log in to enduser 
[SYNCOPE-800] - Synchronization fails in case of accountId mapped on derived attribute starting with literal 
[SYNCOPE-801] - Provisioning mappings are not saved 
[SYNCOPE-811] - Error message "'spinner' is required" 
[SYNCOPE-812] - Remove flickering 
[SYNCOPE-813] - Remove "mandatory" field from configuration parameter creation 
[SYNCOPE-814] - MasterContent.xml configuration is broken for "main" 
[SYNCOPE-817] - Switching between Connector Configuration tabs loses information 
[SYNCOPE-823] - Workflow XML editor pops up after closing Activiti Modeler 
[SYNCOPE-825] - CSS title under Realms: bad style 
[SYNCOPE-836] - On Firefox, once logged in can't log out and vice versa if cache has not been cleared
[SYNCOPE-837] - Bad appearance for + / - buttons under Chrome / Chromium 
[SYNCOPE-839] - Syncope 2.0.0-M2 has a missing dependency syncope-fit-build-build-tools 
[SYNCOPE-844] - When showing propagation task details stacktrace is reported instead 
[SYNCOPE-846] - Annoying flickering 
[SYNCOPE-847] - When creating virtual schema, the new item is not shown in the list 
[SYNCOPE-849] - Task execution popup does not resize properly on Chrome 
[SYNCOPE-850] - Heart icon to check connector connectivity does not show feedback panel on Chrome 
  Improvement  
 
[SYNCOPE-791] - Update UI to display what you're adding when creating a role 
[SYNCOPE-796] - Add favicon to enduser 
[SYNCOPE-797] - Automatically select a unique version for a Connector 
[SYNCOPE-802] - Improve Connector "Capabilities" layout 
[SYNCOPE-803] - Improve explanation for on/off buttons in the Connector Configuration 
[SYNCOPE-804] - Support the explanation of the Connector Configuration properties 
[SYNCOPE-805] - Select destination realm from a drop down list when creating a task 
[SYNCOPE-806] - Validate "standalone" resource provisioning 
[SYNCOPE-807] - When editing realms, select account and password policies from combo box 
[SYNCOPE-810] - Allow generated projects to include extensions in embedded mode 
[SYNCOPE-815] - Configure standalone to log under $CATALINA_HOME/logs 
[SYNCOPE-816] - Add message when no "plain" at

[CONF] Apache Syncope > Jazz

2016-06-06 Thread Francesco Chicchiricco (Confluence)

Francesco Chicchiricco edited a page

Jazz

...
 
Apache Syncope admin UI has been shining for the past five years, emerging as a beautiful gem from the old-fashioned and morose traditional IdM tools. But time flies, several competing projects have built their own interfaces in the meantime, and it was about time to renew Apache Syncope primacy in this respect.
 The admin UI is also available in Russian - besides English, Italian and Brazilian Portuguese.  
This application is now feature-complete and ready to amaze with its complete, rich and dynamic UI. 
 Work In Progress: Documentation  
 
Possibly the major, long-lasting, most claimed missing feature of open source projects in general, and Apache Syncope in particular. 
The Apache Syncope team is currently producing a Getting Started guide (almost complete) and a Reference Guide with the purpose of eliminating this Achilles' heel.
Migrating from older releases 
The supporting tools are available and the procedure is now outlined and ready to be embedded into the Reference Guide. 
 
 ...  
 
 
 
https://www.youtube.com/watch?v=6uvrWMbZ6xQ
 
 
  
 
 
...

A brand new application is under development, while already being usable, which allows extreme customization for each deployment.

...
 
 
  
 
 
 
 
 
 
 
 
 
 

 
 
  
 
 
 
 
 
 
 
 
 




[CONF] Apache Syncope > Jazz

2016-06-06 Thread Francesco Chicchiricco (Confluence)

Francesco Chicchiricco edited a page

Jazz

2.0.0-M3 (June 3rd, 2016)

The third milestone release from the new major series Syncope 2.0 Jazz is now available, bearing a relevant number of fixes and improvements over 2.0.0-M2.

What's new

New Admin Console
 
Apache Syncope admin UI has been shining for the past five years, emerging as a beautiful gem from the old-fashioned and morose traditional IdM tools. But time flies, several competing projects have built their own interfaces in the meantime, and it was about time to renew Apache Syncope primacy in this respect.
 This application is now feature-complete and ready to amaze with its complete, rich and dynamic UI.  
 Work In Progress: Documentation  
 
 Possibly the major, long-lasting, most claimed missing feature of open source projects in general, and Apache Syncope in particular.  
The Apache Syncope team is currently producing a Getting Started guide (almost complete) and a Reference Guide with the purpose of eliminating this Achilles' heel.
 Migrating from older releases  
 The supporting tools are available and the procedure is now outlined and ready to be embedded into the Reference Guide.  
 
  Sub-task  
 
 [SYNCOPE-719] - UI enhancements  
 [SYNCOPE-745] - Complete Configuration  
 [SYNCOPE-765] - Provide approval management  
  Bug  
 
 [SYNCOPE-737] - UserWizardBuilder, the store internally password flag is not set properly  
 [SYNCOPE-781] - Activiti Modeler breaks deployment from installer  
 [SYNCOPE-783] - DateTime fields not correctly handled in Enduser  
 [SYNCOPE-792] - Improve JEXL information text for "mandatory" when creating a new schema attribute  
[SYNCOPE-793] - "Password" keys missing when creating a resource mapping
 [SYNCOPE-798] - Once authenticated to enduser, "Cancel" brings nowhere  
 [SYNCOPE-799] - Do not allow admin user log in to enduser  
 [SYNCOPE-800] - Synchronization fails in case of accountId mapped on derived attribute starting with literal  
 [SYNCOPE-801] - Provisioning mappings are not saved  
 [SYNCOPE-811] - Error message "'spinner' is required"  
 [SYNCOPE-812] - Remove flickering  
 [SYNCOPE-813] - Remove "mandatory" field from configuration parameter creation  
 [SYNCOPE-814] - MasterContent.xml configuration is broken for "main"  
 [SYNCOPE-817] - Switching between Connector Configuration tabs loses information  
 [SYNCOPE-823] - Workflow XML editor pops up after closing Activiti Modeler  
 [SYNCOPE-825] - CSS title under Realms: bad style  
[SYNCOPE-836] - On Firefox, once logged in can't log out and vice versa if cache has not been cleared
 [SYNCOPE-837] - Bad appearance for + / - buttons under Chrome / Chromium  
 [SYNCOPE-839] - Syncope 2.0.0-M2 has a missing dependency syncope-fit-build-build-tools  
 [SYNCOPE-844] - When showing propagation task details stacktrace is reported instead  
 [SYNCOPE-846] - Annoying flickering  
 [SYNCOPE-847] - When creating virtual schema, the new item is not shown in the list  
 [SYNCOPE-849] - Task execution popup does not resize properly on Chrome  
 [SYNCOPE-850] - Heart icon to check connector connectivity does not show feedback panel on Chrome  
  Improvement  
 
 [SYNCOPE-791] - Update UI to display what you're adding when creating a role  
 [SYNCOPE-796] - Add favicon to enduser  
 [SYNCOPE-797] - Automatically select a unique version for a Connector  
 [SYNCOPE-802] - Improve Connector "Capabilities" layout  
 [SYNCOPE-803] - Improve explanation for on/off buttons in the Connector Configuration  
 [SYNCOPE-804] - Support the explanation of the Connector Configuration properties  
 [SYNCOPE-805] - Select destination realm from a drop down list when creating a task  
 [SYNCOPE-806] - Validate "standalone" resource provisioning  
 [SYNCOPE-807] - When editing realms, select account and password policies from combo box  
 [SYNCOPE-810] - Allow generated projects to include extensions in embedded mode  
 [SYNCOPE-815] - Configure standalone to log under $CATALINA_HOME/logs  
 [SYNCOPE-816] - Add message when no "plain" attributes available  
 [SYNCOPE-818] - Allow to optionally specify the MappingItemTransformer class, for each mapping item  
 [SYNCOPE-819] - Add deletion query across all components  
 [SYNCOPE-820] - Allow to optionally specify user / group / any object template(s) for pull tasks  
 [SYNCOPE-821] - Allow capability override on resources  
 [SYNCOPE-822] - Replace Long autogenerated keys with UUIDs  
 [SYNCOPE-824] - Push/Pull task "names" not marked as mandatory in the console  
 [SYNCOPE-826] - Allow to specify any templates and logic actions from realm  
 [SYNCOPE-830] - Associate notification tasks to related notifications  
 [SYNCOPE-834] - Single WebSocketBehavior per page  
 [SYNCOPE-835] - Allow to configure groups' type

[CONF] Apache Syncope > Intermezzo

2016-06-06 Thread Francesco Chicchiricco (Confluence)

Francesco Chicchiricco edited a page

Intermezzo

1.2.8 (June 3rd, 2016)

Upgrading from 1.2.7? There are some notes about this.

Bug
 
 [SYNCOPE-768] - Missing records in case of user list ordered by nullable schema  
 [SYNCOPE-769] - Sync performance decrease  
 [SYNCOPE-800] - Synchronization fails in case of accountId mapped on derived attribute starting with literal  
 [SYNCOPE-840] - REST API doc url breaks without trailing slash  
  Improvement  
 
 [SYNCOPE-767] - Password Policy: mustn't contain value of the following attributes case insensitive  
 [SYNCOPE-804] - Support the explanation of the Connector Configuration properties  
 [SYNCOPE-815] - Configure standalone to log under $CATALINA_HOME/logs  
 [SYNCOPE-855] - Synchronization token management enhancement in case of errors  
 [SYNCOPE-858] - Ensure afterObject is provided after propagation  
  New Feature  
 
 [SYNCOPE-856] - Allow to provision all group's members upon request  

1.2.7 (January 15th, 2016)

Upgrading from 1.2.6? There are some notes about this.

Bug

[SYNCOPE-729] - Skipped remote update during resource assignment if connector CREATE capability is not provided
[SYNCOPE-735] - Activiti history tables uncontrolled growth
[SYNCOPE-739] - Virtual attributes are not updated after a sync task 
[SYNCOPE-741] - Tasks page unusable when a task has thousand executions 
  Improvement  
 
[SYNCOPE-748] - Selectively delete task and report executions 
[SYNCOPE-751] - Preview for PDF binary values 

1.2.6 (November 5th, 2015)

Bug
 
[SYNCOPE-686] - Indirect LDAP resource provisioning fails on missing password 
[SYNCOPE-691] - Multivalue virtual attribute does not work 
[SYNCOPE-702] - Documentation issue on Architecture section 
[SYNCOPE-707] - ConfigurationLogic doesn't check the existence of key during deletion. 
[SYNCOPE-710] - Password propagation not occurring if other updates are set on different resources
[SYNCOPE-712] - Error while searching roles by parent 
[SYNCOPE-716] - Cannot specify conversion pattern during schema creation 
[SYNCOPE-717] - Inconsistent double attribute value management 
  Improvement  
 
[SYNCOPE-708] - Conform the Logger "service stack" to others 

...

Upgrading from 1.2.4? There are some notes about this.

Bug
 
[SYNCOPE-668] - JobInstanceLoader class is not able to return the correct Task id or Report id from its job name 
[SYNCOPE-669] - Search filter in the notifications doesn't work properly 
[SYNCOPE-670] - Propagation misses all UserMod's changes performed by the Activiti update service task
[SYNCOPE-671] - Changed password value is not propagated to external resources on successful password reset 
[SYNCOPE-672] - Console doesn't display the right condition when configuring a search filter with a resource 
[SYNCOPE-673] - Null ids in SyncJob report 
[SYNCOPE-677] - Cannot override console's landing page 
[SYNCOPE-678] - Password generation fails with no password policy or no min / max length 
[SYNCOPE-682] - NPE when defining resources for pass-through authentication 
[SYNCOPE-683] - Cannot unassign and reassign role with membership attrs to user 
[SYNCOPE-684] - Password not updated on external resources from self-service 
  Improvement  
 
[SYNCOPE-660] - Extend control over asynchronous job execution 
[SYNCOPE-667] - simplification of admin roles filter query used in search 
[SYNCOPE-674] - NotificationManager should be able to return a list of created task ids 
[SYNCOPE-676] - Option for getting simplified list of users and roles 

1.2.4 (May 5th, 2015)

Bug
 
[SYNCOPE-654] - Some generic and uninformative error messages 
[SYNCOPE-655] - Files under /etc/apache-syncope ignored 
[SYNCOPE-656] - Debian configuration files overwritten
[SYNCOPE-658] - Duplicate derived attribute after sync task when it is configured as accountid for the synched resource 
[SYNCOPE-659] - Wrong fasterxml.jackson, common-lang3 version in the Import-Package in the syncope-common, syncope-client 
[SYNCOPE-664] - Empty string values not allowed with Oracle DB 
  Improvement  
 
[SYNCOPE-663] - Option to ignore users / roles during synchronization or push 

...

Upgrading from 1.2.2? There are some notes about this.

Bug
 
[SYNCOPE-638] - MAttrTemplate and RAttrTemplate sequence values are not managed in content.xml 
[SYNCOPE-639] - Notification 'recipientAttrType' and 'recipientAttrName' are not required 
[SYNCOPE-641] - Concurrency issues with multiple client threads 
[SYNCOPE-643] - WorkflowResult provides unmodifiable collection for performed tasks 
[SYNCOPE-644] - Error during synchronization of roles when using a RoleSchema as accountId 
[SYNCOPE-647] - Problem during propagation of an updated membership on a resource 
[SYNCOPE-649] - Paged lists not working properly 
  Improvement  
 
[SYNCOPE

[CONF] Apache Syncope > Create a new Syncope project

2016-06-06 Thread Francesco Chicchiricco (Confluence)

Francesco Chicchiricco edited a page

Create a new Syncope project

...

mvn archetype:generate \
-DarchetypeGroupId=org.apache.syncope \
-DarchetypeArtifactId=syncope-archetype \
-DarchetypeRepository=https://repo1.maven.org/maven2 \
-DarchetypeVersion=1.2.8

  
 
 
 The archetype is configured with default values for all properties required by the archetype. If you want to customize any of these property values, type 'n' when prompted for confirmation. ...  
 
 
  
 
 
 
 
 
 
 
 
 
 

 
 
  
 
 
 
 
 
 
 
 
 




[CONF] Apache Syncope > Upgrade from 1.2.7 to 1.2.8

2016-06-03 Thread Francesco Chicchiricco (Confluence)

Francesco Chicchiricco edited a page

Upgrade from 1.2.7 to 1.2.8

...
 
change parent/version from 1.2.7 to 1.2.8  
change properties/syncope.version from 1.2.7 to 1.2.8  

Other

SYNCOPE-855

Upgrade all ConnId connector bundles to their respective latest versions; in particular:

CSV Directory 0.8.5
LDAP 1.4.1
Database Table 2.2.4
Active Directory (JNDI) 1.2.6

SYNCOPE-840

Replace the following file with its 1.2.8 counterpart:

core/src/main/webapp/WEB-INF/web.xml

Add the following file:

core/src/main/webapp/docRedirect.jsp

SYNCOPE-769

Replace the following files with their 1.2.8 counterparts:

core/src/main/resources/workflow.properties
core/src/main/resources/workflowContext.xml
 
 
  
 
 
 
 
 
 
 
 
 
 

 
 
  
 
 
 
 
 
 
 
 
 



