[jira] [Updated] (SYNCOPE-313) Support synchronizing non-cleartext passwords from external resources
[
https://issues.apache.org/jira/browse/SYNCOPE-313?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Colm O hEigeartaigh updated SYNCOPE-313:
Fix Version/s: 1.2.0
Support synchronizing non-cleartext passwords from external resources
-
Key: SYNCOPE-313
URL: https://issues.apache.org/jira/browse/SYNCOPE-313
Project: Syncope
Issue Type: Improvement
Reporter: Colm O hEigeartaigh
Assignee: Colm O hEigeartaigh
Fix For: 1.2.0
Currently we can synchronize cleartext passwords from external resources.
However, we can't handle non-cleartext passwords, as they get treated as if
they are plaintext passwords when imported into Syncope, and hence hashed
again according to user.cipherAlgorithm().
This task is to treat an imported password as hashed according to a give
cipher algorithm configured on the connector (for example via 'Password
Cipher Algorithm' for the DB Connector).
This is specific to each individual connector, as for example for the DB
Connector, it might just be a hashed value stored in a table, whereas for
LDAP it'll be of the form CIPHER}VALUE etc.
Note that we we cannot refer to any specific connector bundle from inside the
SyncopeSyncResultHandler, hence we should find the cleanest place to
encapsulate the following logic:
if (password.isClearText()) {
// do as currently done
} else {
if (connector.isLDAP()) {
// extract cipher and value
} else if (connector.isDBTable()) {
// treat value as ciphered with the cipher defined in connector
configuration
} else {
...
}
}
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
Re: Password encoding query
Done! Colm. On Thu, Feb 14, 2013 at 2:12 PM, Francesco Chicchiriccò ilgro...@apache.org wrote: On 14/02/2013 15:09, Colm O hEigeartaigh wrote: Here is the JIRA: https://issues.apache.org/**jira/browse/SYNCOPE-313https://issues.apache.org/jira/browse/SYNCOPE-313 Thanks: which fix version should we set for this? 1.2.0? Roadmap [1] should be updated accordingly, then. Regards. [1] https://cwiki.apache.org/**confluence/display/SYNCOPE/**Roadmaphttps://cwiki.apache.org/confluence/display/SYNCOPE/Roadmap -- Francesco Chicchiriccò ASF Member, Apache Syncope PMC chair, Apache Cocoon PMC Member http://people.apache.org/~**ilgrosso/http://people.apache.org/~ilgrosso/ -- Colm O hEigeartaigh Talend Community Coder http://coders.talend.com
[jira] [Created] (SYNCOPE-315) Persistent feedback messages
Francesco Chicchiriccò created SYNCOPE-315: -- Summary: Persistent feedback messages Key: SYNCOPE-315 URL: https://issues.apache.org/jira/browse/SYNCOPE-315 Project: Syncope Issue Type: Bug Components: console Affects Versions: 1.0.5, 1.1.0 Reporter: Francesco Chicchiriccò Priority: Minor Fix For: 1.0.6, 1.1.0 Once feedback messages have been reported, they stay on the page until navigating away of that page: note that this does not apply to AJAX navigation. -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (SYNCOPE-315) Persistent feedback messages
[ https://issues.apache.org/jira/browse/SYNCOPE-315?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=13579190#comment-13579190 ] Francesco Chicchiriccò commented on SYNCOPE-315: 1_0_X: http://svn.apache.org/r1446584 Persistent feedback messages -- Key: SYNCOPE-315 URL: https://issues.apache.org/jira/browse/SYNCOPE-315 Project: Syncope Issue Type: Bug Components: console Affects Versions: 1.0.5, 1.1.0 Reporter: Francesco Chicchiriccò Assignee: Francesco Chicchiriccò Priority: Minor Fix For: 1.0.6, 1.1.0 Once feedback messages have been reported, they stay on the page until navigating away of that page: note that this does not apply to AJAX navigation. -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators For more information on JIRA, see: http://www.atlassian.com/software/jira
Run Syncope in real environments update
Hi, Trying building Syncope 1.0.5 from scratch on Oracle I've seen that orm.xml (for Oracle) it's changed between 1.0.x and latest trunk version (currently 1.1.x). I have just updated the documentation page [1] adding the links to use with the 1.0.x and with the latest version. I didn't find a smart way to link any 1.0.x version so I've just linked current 1.0.5. Feel free to adjust it if you find a better solution. Regards. Denis [1] - https://cwiki.apache.org/confluence/display/SYNCOPE/Run+Syncope+in+real+environments
Re: Run Syncope in real environments update
On 15/02/2013 16:03, Denis Signoretto wrote: Hi, Trying building Syncope 1.0.5 from scratch on Oracle I've seen that orm.xml (for Oracle) it's changed between 1.0.x and latest trunk version (currently 1.1.x). I have just updated the documentation page [1] adding the links to use with the 1.0.x and with the latest version. I didn't find a smart way to link any 1.0.x version so I've just linked current 1.0.5. Feel free to adjust it if you find a better solution. Hi Denis, thanks for finding and reporting. I've slightly changed your fix to point to 1_0_X instead of 1.0.5; I've also changed the SQL Server section accordingly. Regards. [1] - https://cwiki.apache.org/confluence/display/SYNCOPE/Run+Syncope+in+real+environments -- Francesco Chicchiriccò ASF Member, Apache Syncope PMC chair, Apache Cocoon PMC Member http://people.apache.org/~ilgrosso/
[jira] [Resolved] (SYNCOPE-312) Introducing UserWorkflowService
[ https://issues.apache.org/jira/browse/SYNCOPE-312?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Christian Schneider resolved SYNCOPE-312. - Resolution: Fixed Introducing UserWorkflowService --- Key: SYNCOPE-312 URL: https://issues.apache.org/jira/browse/SYNCOPE-312 Project: Syncope Issue Type: Bug Components: common Reporter: Jan Bernhardt Assignee: Christian Schneider Priority: Minor Labels: refactoring Fix For: 1.1.0 As agreed on dev mailinglist [1] task of this Issue is to create a UserWorkflowService Interface and move workflow related methods from UserService to UserWorkflowService. [1] http://syncope-dev.1063484.n5.nabble.com/DISCUSS-User-Service-td5712640.html -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators For more information on JIRA, see: http://www.atlassian.com/software/jira
LDAP Role queries
Hi all (Francesco), I've been experimenting with propagating/synchronizing roles from an LDAP backend on trunk...here are some questions: 1) When specifying the Account Id, where does the name come from? For example, for user mapping it's username, for the role mapping it's name, which is a bit confusing (I would have guessed rolename). 2) If I create a new Role and propagate it with LDAPMembershipPropagationActions, it selects the principal specified in the Connector as the member in the backend resource. Is this expected behaviour? 3) Are role hierarchies supported for either propagation or synchronization? They don't appear to be, but thought I'd check anyway. 4) Role membership is working fine for propagation (create a new role + propagate it, create a new user with that role + propagate it, and the new role in the backend has the correct member entry). However, synchronization doesn't work. If I then synchronize by running the task again (with LDAPMembershipSyncActions), the role of the User actually disappears. Was this working when testing or is it possibly a bug when using member instead of memberof? Thanks, Colm. -- Colm O hEigeartaigh Talend Community Coder http://coders.talend.com
Re: LDAP Role queries
4) Role membership is working fine for propagation (create a new role + propagate it, create a new user with that role + propagate it, and the new role in the backend has the correct member entry). However, synchronization doesn't work. If I then synchronize by running the task again (with LDAPMembershipSyncActions), the role of the User actually disappears. Was this working when testing or is it possibly a bug when using member instead of memberof? LDAPMembershipPropagationActions has ldapGroups as the group member attribute name, whereas LDAPMembershipSyncActions has uniquemember. Is there a reason why it is different in both cases? Shouldn't they also check the value of the groupMemberAttribute property of the LDAP Connector? Colm. On Fri, Feb 15, 2013 at 3:48 PM, Colm O hEigeartaigh cohei...@apache.orgwrote: Hi all (Francesco), I've been experimenting with propagating/synchronizing roles from an LDAP backend on trunk...here are some questions: 1) When specifying the Account Id, where does the name come from? For example, for user mapping it's username, for the role mapping it's name, which is a bit confusing (I would have guessed rolename). 2) If I create a new Role and propagate it with LDAPMembershipPropagationActions, it selects the principal specified in the Connector as the member in the backend resource. Is this expected behaviour? 3) Are role hierarchies supported for either propagation or synchronization? They don't appear to be, but thought I'd check anyway. 4) Role membership is working fine for propagation (create a new role + propagate it, create a new user with that role + propagate it, and the new role in the backend has the correct member entry). However, synchronization doesn't work. If I then synchronize by running the task again (with LDAPMembershipSyncActions), the role of the User actually disappears. Was this working when testing or is it possibly a bug when using member instead of memberof? Thanks, Colm. -- Colm O hEigeartaigh Talend Community Coder http://coders.talend.com -- Colm O hEigeartaigh Talend Community Coder http://coders.talend.com
[jira] [Commented] (SYNCOPE-312) Introducing UserWorkflowService
[ https://issues.apache.org/jira/browse/SYNCOPE-312?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=13579523#comment-13579523 ] Hudson commented on SYNCOPE-312: Integrated in Syncope-trunk #95 (See [https://builds.apache.org/job/Syncope-trunk/95/]) [SYNCOPE-312] Fixing missing consideration of admin console by commit r1446632 (Revision 1446679) SYNCOPE-312 Moving workflow related methods from UserService to UserWorkflowService (Revision 1446632) Result = SUCCESS ilgrosso : Files : * /syncope/trunk/console/src/main/java/org/apache/syncope/console/SyncopeSession.java cschneider : Files : * /syncope/trunk/client/src/main/java/org/apache/syncope/client/services/proxy/UserServiceProxy.java * /syncope/trunk/client/src/main/java/org/apache/syncope/client/services/proxy/UserWorkflowServiceProxy.java * /syncope/trunk/common/src/main/java/org/apache/syncope/common/services/UserService.java * /syncope/trunk/common/src/main/java/org/apache/syncope/common/services/UserWorkflowService.java * /syncope/trunk/console/src/main/java/org/apache/syncope/console/rest/ApprovalRestClient.java * /syncope/trunk/core/src/main/java/org/apache/syncope/core/services/UserServiceImpl.java * /syncope/trunk/core/src/main/java/org/apache/syncope/core/services/UserWorkflowServiceImpl.java * /syncope/trunk/core/src/main/resources/restContext.xml * /syncope/trunk/core/src/test/java/org/apache/syncope/core/rest/AbstractTest.java * /syncope/trunk/core/src/test/java/org/apache/syncope/core/rest/UserTestITCase.java Introducing UserWorkflowService --- Key: SYNCOPE-312 URL: https://issues.apache.org/jira/browse/SYNCOPE-312 Project: Syncope Issue Type: Bug Components: common Reporter: Jan Bernhardt Assignee: Christian Schneider Priority: Minor Labels: refactoring Fix For: 1.1.0 As agreed on dev mailinglist [1] task of this Issue is to create a UserWorkflowService Interface and move workflow related methods from UserService to UserWorkflowService. [1] http://syncope-dev.1063484.n5.nabble.com/DISCUSS-User-Service-td5712640.html -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators For more information on JIRA, see: http://www.atlassian.com/software/jira
