[jira] [Updated] (SYNCOPE-513) Make value encryption parametric
[ https://issues.apache.org/jira/browse/SYNCOPE-513?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Francesco Chicchiriccò updated SYNCOPE-513: --- Description: In {{PasswordEncoder}} (1.1.X) / {{Encryptor}} (1.2.X) class the salt mechanism configuration is hardcoded If the LDAP server doesn't use the same salt mechanism configuration, the password can't be matched during authentication. For example {{SSHA}} is defined by RFC 2307 as: {code} digester.setIterations(1); digester.setSaltSizeBytes(8); digester.setInvertPositionOfPlainSaltInEncryptionResults(true); digester.setInvertPositionOfSaltInMessageBeforeDigesting(true); digester.setUseLenientSaltSizeCheck(true); {code} See [Jasypt's javadocs|http://jasypt.org/api/jasypt/1.9.2/org/jasypt/util/password/rfc2307/RFC2307SSHAPasswordEncryptor.html] for more details. {{Encryptor}} can read from global configuration parameters so that you can configure some aspect of the way how ciphered values (not only password values in 1.2.X). was: In {{PasswordEncoder}} (1.1.X) / {{Encryptor}} (1.2.X) class the salt mechanism configuration is hardcoded If the LDAP server doesn't use the same salt mechanism configuration, the password can't be matched during authentication. For example SSHA digest from OpenDJ uses a suffixed 8 bytes salt (in hash and plan) Original: {code} digester.setIterations(10); digester.setSaltSizeBytes(16); {code} Modified for OpenDJ: {code} digester.setIterations(1); digester.setSaltSizeBytes(8); digester.setInvertPositionOfPlainSaltInEncryptionResults(true); digester.setInvertPositionOfSaltInMessageBeforeDigesting(true); {code} {{Encryptor}} can read from global configuration parameters so that you can configure some aspect of the way how ciphered values (not only password values in 1.2.X). Make value encryption parametric Key: SYNCOPE-513 URL: https://issues.apache.org/jira/browse/SYNCOPE-513 Project: Syncope Issue Type: Improvement Components: core Affects Versions: 1.1.8 Reporter: Yann Diorcet Assignee: Francesco Chicchiriccò Fix For: 1.2.0 In {{PasswordEncoder}} (1.1.X) / {{Encryptor}} (1.2.X) class the salt mechanism configuration is hardcoded If the LDAP server doesn't use the same salt mechanism configuration, the password can't be matched during authentication. For example {{SSHA}} is defined by RFC 2307 as: {code} digester.setIterations(1); digester.setSaltSizeBytes(8); digester.setInvertPositionOfPlainSaltInEncryptionResults(true); digester.setInvertPositionOfSaltInMessageBeforeDigesting(true); digester.setUseLenientSaltSizeCheck(true); {code} See [Jasypt's javadocs|http://jasypt.org/api/jasypt/1.9.2/org/jasypt/util/password/rfc2307/RFC2307SSHAPasswordEncryptor.html] for more details. {{Encryptor}} can read from global configuration parameters so that you can configure some aspect of the way how ciphered values (not only password values in 1.2.X). -- This message was sent by Atlassian JIRA (v6.2#6252)
[jira] [Commented] (SYNCOPE-513) Make value encryption parametric
[ https://issues.apache.org/jira/browse/SYNCOPE-513?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14045752#comment-14045752 ] ASF subversion and git services commented on SYNCOPE-513: - Commit 1605998 from [~ilgrosso] in branch 'syncope/trunk' [ https://svn.apache.org/r1605998 ] [SYNCOPE-513] Sensible configuration provided via security.properties Make value encryption parametric Key: SYNCOPE-513 URL: https://issues.apache.org/jira/browse/SYNCOPE-513 Project: Syncope Issue Type: Improvement Components: core Affects Versions: 1.1.8 Reporter: Yann Diorcet Assignee: Francesco Chicchiriccò Fix For: 1.2.0 In {{PasswordEncoder}} (1.1.X) / {{Encryptor}} (1.2.X) class the salt mechanism configuration is hardcoded If the LDAP server doesn't use the same salt mechanism configuration, the password can't be matched during authentication. For example {{SSHA}} is defined by RFC 2307 as: {code} digester.setIterations(1); digester.setSaltSizeBytes(8); digester.setInvertPositionOfPlainSaltInEncryptionResults(true); digester.setInvertPositionOfSaltInMessageBeforeDigesting(true); digester.setUseLenientSaltSizeCheck(true); {code} See [Jasypt's javadocs|http://jasypt.org/api/jasypt/1.9.2/org/jasypt/util/password/rfc2307/RFC2307SSHAPasswordEncryptor.html] for more details. {{Encryptor}} can read from global configuration parameters so that you can configure some aspect of the way how ciphered values (not only password values in 1.2.X). -- This message was sent by Atlassian JIRA (v6.2#6252)
[jira] [Resolved] (SYNCOPE-513) Make value encryption parametric
[ https://issues.apache.org/jira/browse/SYNCOPE-513?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Francesco Chicchiriccò resolved SYNCOPE-513. Resolution: Fixed Make value encryption parametric Key: SYNCOPE-513 URL: https://issues.apache.org/jira/browse/SYNCOPE-513 Project: Syncope Issue Type: Improvement Components: core Affects Versions: 1.1.8 Reporter: Yann Diorcet Assignee: Francesco Chicchiriccò Fix For: 1.2.0 In {{PasswordEncoder}} (1.1.X) / {{Encryptor}} (1.2.X) class the salt mechanism configuration is hardcoded If the LDAP server doesn't use the same salt mechanism configuration, the password can't be matched during authentication. For example {{SSHA}} is defined by RFC 2307 as: {code} digester.setIterations(1); digester.setSaltSizeBytes(8); digester.setInvertPositionOfPlainSaltInEncryptionResults(true); digester.setInvertPositionOfSaltInMessageBeforeDigesting(true); digester.setUseLenientSaltSizeCheck(true); {code} See [Jasypt's javadocs|http://jasypt.org/api/jasypt/1.9.2/org/jasypt/util/password/rfc2307/RFC2307SSHAPasswordEncryptor.html] for more details. {{Encryptor}} can read from global configuration parameters so that you can configure some aspect of the way how ciphered values (not only password values in 1.2.X). -- This message was sent by Atlassian JIRA (v6.2#6252)
[jira] [Updated] (SYNCOPE-164) Passthrough authentication
[ https://issues.apache.org/jira/browse/SYNCOPE-164?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Colm O hEigeartaigh updated SYNCOPE-164: Assignee: (was: Colm O hEigeartaigh) Passthrough authentication -- Key: SYNCOPE-164 URL: https://issues.apache.org/jira/browse/SYNCOPE-164 Project: Syncope Issue Type: New Feature Reporter: Francesco Chicchiriccò Fix For: 1.2.0 Provide the possibility to authenticate users on external resources. -- This message was sent by Atlassian JIRA (v6.2#6252)
[jira] [Created] (SYNCOPE-518) ApacheDS connector in test samples cannot be modified
Denis Signoretto created SYNCOPE-518: Summary: ApacheDS connector in test samples cannot be modified Key: SYNCOPE-518 URL: https://issues.apache.org/jira/browse/SYNCOPE-518 Project: Syncope Issue Type: Bug Components: core Affects Versions: 1.1.7 Reporter: Denis Signoretto It seems that in context.xml the Apache ConnInstance xmlConfiguration field has some invalid field. Take a look at truemaintainLdapGroupMembership value of maintainPosixGroupMembership that shold be booleantrue/boolean -- This message was sent by Atlassian JIRA (v6.2#6252)
[jira] [Updated] (SYNCOPE-518) ApacheDS connector in test samples cannot be modified
[ https://issues.apache.org/jira/browse/SYNCOPE-518?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Denis Signoretto updated SYNCOPE-518: - Description: It seems that in content.xml the Apache ConnInstance xmlConfiguration field has some invalid field. Take a look at truemaintainLdapGroupMembership value of maintainPosixGroupMembership that shold be booleantrue/boolean. Even though I tried to fix it, I can't still modifiy it form Syncope concole. Probably there is something wrong in my fix or some other unexpected value. (was: It seems that in context.xml the Apache ConnInstance xmlConfiguration field has some invalid field. Take a look at truemaintainLdapGroupMembership value of maintainPosixGroupMembership that shold be booleantrue/boolean) ApacheDS connector in test samples cannot be modified - Key: SYNCOPE-518 URL: https://issues.apache.org/jira/browse/SYNCOPE-518 Project: Syncope Issue Type: Bug Components: core Affects Versions: 1.1.7 Reporter: Denis Signoretto It seems that in content.xml the Apache ConnInstance xmlConfiguration field has some invalid field. Take a look at truemaintainLdapGroupMembership value of maintainPosixGroupMembership that shold be booleantrue/boolean. Even though I tried to fix it, I can't still modifiy it form Syncope concole. Probably there is something wrong in my fix or some other unexpected value. -- This message was sent by Atlassian JIRA (v6.2#6252)
[jira] [Updated] (SYNCOPE-518) ApacheDS connector in test samples cannot be modified
[ https://issues.apache.org/jira/browse/SYNCOPE-518?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Denis Signoretto updated SYNCOPE-518: - Description: It seems that in content.xml the Apache ConnInstance xmlConfiguration field has some invalid field. Take a look at maintainPosixGroupMembership value that it's truemaintainLdapGroupMembership and I suppose it sholuld be booleantrue/boolean. Even though I tried to fix it, I can't still modifiy it form Syncope concole. Probably there is something wrong in my fix or some other unexpected value. (was: It seems that in content.xml the Apache ConnInstance xmlConfiguration field has some invalid field. Take a look at truemaintainLdapGroupMembership value of maintainPosixGroupMembership that shold be booleantrue/boolean. Even though I tried to fix it, I can't still modifiy it form Syncope concole. Probably there is something wrong in my fix or some other unexpected value.) ApacheDS connector in test samples cannot be modified - Key: SYNCOPE-518 URL: https://issues.apache.org/jira/browse/SYNCOPE-518 Project: Syncope Issue Type: Bug Components: core Affects Versions: 1.1.7 Reporter: Denis Signoretto It seems that in content.xml the Apache ConnInstance xmlConfiguration field has some invalid field. Take a look at maintainPosixGroupMembership value that it's truemaintainLdapGroupMembership and I suppose it sholuld be booleantrue/boolean. Even though I tried to fix it, I can't still modifiy it form Syncope concole. Probably there is something wrong in my fix or some other unexpected value. -- This message was sent by Atlassian JIRA (v6.2#6252)
[jira] [Updated] (SYNCOPE-518) ApacheDS connector in test samples cannot be modified
[ https://issues.apache.org/jira/browse/SYNCOPE-518?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Denis Signoretto updated SYNCOPE-518: - Description: It seems that in content.xml the Apache ConnInstance xmlConfiguration field has some invalid field. Take a look at maintainPosixGroupMembership value that it's truemaintainLdapGroupMembership and I suppose it sholuld be booleantrue/boolean. Even though I tried to fix it updating db, I still can't modifiy connector properties from Syncope concole. Probably there is something wrong in my fix or some other unexpected value. (was: It seems that in content.xml the Apache ConnInstance xmlConfiguration field has some invalid field. Take a look at maintainPosixGroupMembership value that it's truemaintainLdapGroupMembership and I suppose it sholuld be booleantrue/boolean. Even though I tried to fix it, I can't still modifiy it form Syncope concole. Probably there is something wrong in my fix or some other unexpected value.) ApacheDS connector in test samples cannot be modified - Key: SYNCOPE-518 URL: https://issues.apache.org/jira/browse/SYNCOPE-518 Project: Syncope Issue Type: Bug Components: core Affects Versions: 1.1.7 Reporter: Denis Signoretto It seems that in content.xml the Apache ConnInstance xmlConfiguration field has some invalid field. Take a look at maintainPosixGroupMembership value that it's truemaintainLdapGroupMembership and I suppose it sholuld be booleantrue/boolean. Even though I tried to fix it updating db, I still can't modifiy connector properties from Syncope concole. Probably there is something wrong in my fix or some other unexpected value. -- This message was sent by Atlassian JIRA (v6.2#6252)
[jira] [Updated] (SYNCOPE-518) ApacheDS connector in test samples cannot be modified
[ https://issues.apache.org/jira/browse/SYNCOPE-518?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Francesco Chicchiriccò updated SYNCOPE-518: --- Fix Version/s: 1.2.0 1.1.8 ApacheDS connector in test samples cannot be modified - Key: SYNCOPE-518 URL: https://issues.apache.org/jira/browse/SYNCOPE-518 Project: Syncope Issue Type: Bug Components: core Affects Versions: 1.1.7 Reporter: Denis Signoretto Priority: Minor Fix For: 1.1.8, 1.2.0 It seems that in content.xml the Apache ConnInstance xmlConfiguration field has some invalid field. Take a look at maintainPosixGroupMembership value that it's truemaintainLdapGroupMembership and I suppose it sholuld be booleantrue/boolean. Even though I tried to fix it updating db, I still can't modifiy connector properties from Syncope concole. Probably there is something wrong in my fix or some other unexpected value. -- This message was sent by Atlassian JIRA (v6.2#6252)
[jira] [Updated] (SYNCOPE-518) ApacheDS connector in test samples cannot be modified
[ https://issues.apache.org/jira/browse/SYNCOPE-518?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Francesco Chicchiriccò updated SYNCOPE-518: --- Priority: Minor (was: Major) ApacheDS connector in test samples cannot be modified - Key: SYNCOPE-518 URL: https://issues.apache.org/jira/browse/SYNCOPE-518 Project: Syncope Issue Type: Bug Components: core Affects Versions: 1.1.7 Reporter: Denis Signoretto Priority: Minor Fix For: 1.1.8, 1.2.0 It seems that in content.xml the Apache ConnInstance xmlConfiguration field has some invalid field. Take a look at maintainPosixGroupMembership value that it's truemaintainLdapGroupMembership and I suppose it sholuld be booleantrue/boolean. Even though I tried to fix it updating db, I still can't modifiy connector properties from Syncope concole. Probably there is something wrong in my fix or some other unexpected value. -- This message was sent by Atlassian JIRA (v6.2#6252)
[jira] [Updated] (SYNCOPE-518) ApacheDS connector in test samples cannot be modified
[ https://issues.apache.org/jira/browse/SYNCOPE-518?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Francesco Chicchiriccò updated SYNCOPE-518: --- Description: It seems that in test {{content.xml}} the ApacheDS {{ConnInstance}}'s {{xmlConfiguration}} has some invalid fields. Take a look at {{maintainPosixGroupMembership}} value which is just {code}true{code} while I suppose it should be {code}booleantrue/boolean{code}. Even though I tried to fix it by updating the db, I still can't modify the connector properties from admin console. Probably there is something wrong in my fix or some other unexpected value. was:It seems that in content.xml the Apache ConnInstance xmlConfiguration field has some invalid field. Take a look at maintainPosixGroupMembership value that it's truemaintainLdapGroupMembership and I suppose it sholuld be booleantrue/boolean. Even though I tried to fix it updating db, I still can't modifiy connector properties from Syncope concole. Probably there is something wrong in my fix or some other unexpected value. ApacheDS connector in test samples cannot be modified - Key: SYNCOPE-518 URL: https://issues.apache.org/jira/browse/SYNCOPE-518 Project: Syncope Issue Type: Bug Components: core Affects Versions: 1.1.7 Reporter: Denis Signoretto Priority: Minor Fix For: 1.1.8, 1.2.0 It seems that in test {{content.xml}} the ApacheDS {{ConnInstance}}'s {{xmlConfiguration}} has some invalid fields. Take a look at {{maintainPosixGroupMembership}} value which is just {code}true{code} while I suppose it should be {code}booleantrue/boolean{code}. Even though I tried to fix it by updating the db, I still can't modify the connector properties from admin console. Probably there is something wrong in my fix or some other unexpected value. -- This message was sent by Atlassian JIRA (v6.2#6252)
[jira] [Commented] (SYNCOPE-518) ApacheDS connector in test samples cannot be modified
[ https://issues.apache.org/jira/browse/SYNCOPE-518?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14045933#comment-14045933 ] Denis Signoretto commented on SYNCOPE-518: -- I've just tried from 1.1.7 standalone distribution and actually it's worinking. I don't know what causing the problem on my installation (it cam from 1.1.8-SNAPSHOT). I supposed the error was coming from core\src\test\resources\content.xml where, after url decoding xmlConfiguration of ApacheDS (ConnInstance 105), I found the value {{truemaintainLdapGroupMembership}} for schema attribute maintainPosixGroupMembership I suppose it's not the real cause and you can close the bug. ApacheDS connector in test samples cannot be modified - Key: SYNCOPE-518 URL: https://issues.apache.org/jira/browse/SYNCOPE-518 Project: Syncope Issue Type: Bug Components: core Affects Versions: 1.1.7 Reporter: Denis Signoretto Priority: Minor Fix For: 1.1.8, 1.2.0 Attachments: screenshot-SYNCOPE-518.png It seems that in test {{content.xml}} the ApacheDS {{ConnInstance}}'s {{xmlConfiguration}} has some invalid fields. Take a look at {{maintainPosixGroupMembership}} value which is just {code}true{code} while I suppose it should be {code}booleantrue/boolean{code}. Even though I tried to fix it by updating the db, I still can't modify the connector properties from admin console. Probably there is something wrong in my fix or some other unexpected value. -- This message was sent by Atlassian JIRA (v6.2#6252)
[jira] [Closed] (SYNCOPE-518) ApacheDS connector in test samples cannot be modified
[ https://issues.apache.org/jira/browse/SYNCOPE-518?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Francesco Chicchiriccò closed SYNCOPE-518. -- Resolution: Cannot Reproduce ApacheDS connector in test samples cannot be modified - Key: SYNCOPE-518 URL: https://issues.apache.org/jira/browse/SYNCOPE-518 Project: Syncope Issue Type: Bug Components: core Affects Versions: 1.1.7 Reporter: Denis Signoretto Priority: Minor Fix For: 1.1.8, 1.2.0 Attachments: screenshot-SYNCOPE-518.png It seems that in test {{content.xml}} the ApacheDS {{ConnInstance}}'s {{xmlConfiguration}} has some invalid fields. Take a look at {{maintainPosixGroupMembership}} value which is just {code}true{code} while I suppose it should be {code}booleantrue/boolean{code}. Even though I tried to fix it by updating the db, I still can't modify the connector properties from admin console. Probably there is something wrong in my fix or some other unexpected value. -- This message was sent by Atlassian JIRA (v6.2#6252)
[jira] [Commented] (SYNCOPE-164) Passthrough authentication
[ https://issues.apache.org/jira/browse/SYNCOPE-164?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14045973#comment-14045973 ] Colm O hEigeartaigh commented on SYNCOPE-164: - It sounds reasonable to me... Colm. Passthrough authentication -- Key: SYNCOPE-164 URL: https://issues.apache.org/jira/browse/SYNCOPE-164 Project: Syncope Issue Type: New Feature Reporter: Francesco Chicchiriccò Assignee: Francesco Chicchiriccò Fix For: 1.2.0 Provide the possibility to authenticate users on external resources. -- This message was sent by Atlassian JIRA (v6.2#6252)