[jira] [Updated] (SYNCOPE-513) Make value encryption parametric

2014-06-27 Thread JIRA

 [ 
https://issues.apache.org/jira/browse/SYNCOPE-513?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Francesco Chicchiriccò updated SYNCOPE-513:
---

Description: 
In {{PasswordEncoder}} (1.1.X) / {{Encryptor}} (1.2.X) class the salt mechanism 
configuration is hardcoded.
If the LDAP server doesn't use the same salt mechanism configuration, the 
password can't be matched during authentication.

For example {{SSHA}} is defined by RFC 2307 as:
{code}
digester.setIterations(1);
digester.setSaltSizeBytes(8);
digester.setInvertPositionOfPlainSaltInEncryptionResults(true);
digester.setInvertPositionOfSaltInMessageBeforeDigesting(true);
digester.setUseLenientSaltSizeCheck(true);
{code}

See [Jasypt's 
javadocs|http://jasypt.org/api/jasypt/1.9.2/org/jasypt/util/password/rfc2307/RFC2307SSHAPasswordEncryptor.html]
 for more details.

{{Encryptor}} can read from global configuration parameters so that you can 
configure some aspect of the way how ciphered values (not only password values 
in 1.2.X).

  was:
In {{PasswordEncoder}} (1.1.X) / {{Encryptor}} (1.2.X) class the salt mechanism 
configuration is hardcoded.
If the LDAP server doesn't use the same salt mechanism configuration, the 
password can't be matched during authentication.

For example SSHA digest from OpenDJ uses a suffixed 8 bytes salt (in hash and 
plain)

Original:
{code}
digester.setIterations(10);
digester.setSaltSizeBytes(16);
{code}

Modified for OpenDJ:
{code}
digester.setIterations(1);
digester.setSaltSizeBytes(8);
digester.setInvertPositionOfPlainSaltInEncryptionResults(true);
digester.setInvertPositionOfSaltInMessageBeforeDigesting(true);
{code}

{{Encryptor}} can read from global configuration parameters so that you can 
configure some aspect of the way how ciphered values (not only password values 
in 1.2.X).


 Make value encryption parametric
 

 Key: SYNCOPE-513
 URL: https://issues.apache.org/jira/browse/SYNCOPE-513
 Project: Syncope
  Issue Type: Improvement
  Components: core
Affects Versions: 1.1.8
Reporter: Yann Diorcet
Assignee: Francesco Chicchiriccò
 Fix For: 1.2.0





--
This message was sent by Atlassian JIRA
(v6.2#6252)
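
The mismatch described in SYNCOPE-513, as an added example (not code from Syncope or Jasypt): a Python model of the salt settings quoted in the issue, checking values the way an {SSHA} verifier does. Function and parameter names are assumptions that mirror the quoted setters, and re-hashing only the digest on later iterations is an assumption about the digester.

```python
import base64
import hashlib
import hmac
import os

SHA1_LEN = hashlib.sha1().digest_size  # 20 bytes


def digest(password, salt, iterations, salt_after_message, salt_after_digest):
    """Model of the digester settings quoted in the issue (not Jasypt itself).

    salt_after_message ~ setInvertPositionOfSaltInMessageBeforeDigesting(true)
    salt_after_digest  ~ setInvertPositionOfPlainSaltInEncryptionResults(true)
    """
    data = password + salt if salt_after_message else salt + password
    out = hashlib.sha1(data).digest()
    for _ in range(iterations - 1):  # assumption: later rounds re-hash the digest
        out = hashlib.sha1(out).digest()
    return out + salt if salt_after_digest else salt + out


def ssha_encode(password, salt=None):
    """{SSHA} value: base64(SHA1(password || salt) || salt), 1 iteration."""
    salt = os.urandom(8) if salt is None else salt
    raw = digest(password, salt, 1, True, True)
    return "{SSHA}" + base64.b64encode(raw).decode("ascii")


def ssha_verify(password, stored):
    """Check a password against an {SSHA} value.

    The salt is whatever follows the 20-byte digest, so salts of any
    length are accepted (the lenient salt size check).
    """
    if not stored.startswith("{SSHA}"):
        return False
    try:
        raw = base64.b64decode(stored[len("{SSHA}"):], validate=True)
    except ValueError:
        return False
    if len(raw) <= SHA1_LEN:
        return False  # nothing after the digest: not a salted value
    salt = raw[SHA1_LEN:]
    expected = digest(password, salt, 1, True, True)
    return hmac.compare_digest(expected, raw)


def hardcoded_encode(password, salt=None):
    """Layout the issue lists as 'Original': 10 iterations, 16-byte salt,
    salt first. The {SSHA} prefix is added only so the verifier parses it."""
    salt = os.urandom(16) if salt is None else salt
    raw = digest(password, salt, 10, False, False)
    return "{SSHA}" + base64.b64encode(raw).decode("ascii")


if __name__ == "__main__":
    pw = b"constructed-sample-password"  # constructed sample input
    print("RFC 2307 layout verifies: ", ssha_verify(pw, ssha_encode(pw)))
    print("hardcoded layout verifies:", ssha_verify(pw, hardcoded_encode(pw)))
```
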


[jira] [Commented] (SYNCOPE-513) Make value encryption parametric

2014-06-27 Thread ASF subversion and git services (JIRA)

[ 
https://issues.apache.org/jira/browse/SYNCOPE-513?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14045752#comment-14045752
 ] 

ASF subversion and git services commented on SYNCOPE-513:
-

Commit 1605998 from [~ilgrosso] in branch 'syncope/trunk'
[ https://svn.apache.org/r1605998 ]

[SYNCOPE-513] Sensible configuration provided via security.properties



[jira] [Resolved] (SYNCOPE-513) Make value encryption parametric

2014-06-27 Thread JIRA

 [ 
https://issues.apache.org/jira/browse/SYNCOPE-513?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Francesco Chicchiriccò resolved SYNCOPE-513.


Resolution: Fixed



[jira] [Updated] (SYNCOPE-164) Passthrough authentication

2014-06-27 Thread Colm O hEigeartaigh (JIRA)

 [ 
https://issues.apache.org/jira/browse/SYNCOPE-164?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Colm O hEigeartaigh updated SYNCOPE-164:


Assignee: (was: Colm O hEigeartaigh)

 Passthrough authentication
 --

 Key: SYNCOPE-164
 URL: https://issues.apache.org/jira/browse/SYNCOPE-164
 Project: Syncope
  Issue Type: New Feature
Reporter: Francesco Chicchiriccò
 Fix For: 1.2.0


 Provide the possibility to authenticate users on external resources.





[jira] [Created] (SYNCOPE-518) ApacheDS connector in test samples cannot be modified

2014-06-27 Thread Denis Signoretto (JIRA)
Denis Signoretto created SYNCOPE-518:


 Summary: ApacheDS connector in test samples cannot be modified
 Key: SYNCOPE-518
 URL: https://issues.apache.org/jira/browse/SYNCOPE-518
 Project: Syncope
  Issue Type: Bug
  Components: core
Affects Versions: 1.1.7
Reporter: Denis Signoretto


It seems that in context.xml the Apache ConnInstance xmlConfiguration field has 
some invalid field. Take a look at truemaintainLdapGroupMembership value of 
maintainPosixGroupMembership that should be <boolean>true</boolean>





[jira] [Updated] (SYNCOPE-518) ApacheDS connector in test samples cannot be modified

2014-06-27 Thread Denis Signoretto (JIRA)

 [ 
https://issues.apache.org/jira/browse/SYNCOPE-518?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Denis Signoretto updated SYNCOPE-518:
-

Description: It seems that in content.xml the Apache ConnInstance 
xmlConfiguration field has some invalid field. Take a look at 
truemaintainLdapGroupMembership value of maintainPosixGroupMembership that 
should be <boolean>true</boolean>. Even though I tried to fix it, I can't still 
modify it from Syncope console. Probably there is something wrong in my fix or 
some other unexpected value.  (was: It seems that in context.xml the Apache 
ConnInstance xmlConfiguration field has some invalid field. Take a look at 
truemaintainLdapGroupMembership value of maintainPosixGroupMembership that 
should be <boolean>true</boolean>)



[jira] [Updated] (SYNCOPE-518) ApacheDS connector in test samples cannot be modified

2014-06-27 Thread Denis Signoretto (JIRA)

 [ 
https://issues.apache.org/jira/browse/SYNCOPE-518?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Denis Signoretto updated SYNCOPE-518:
-

Description: It seems that in content.xml the Apache ConnInstance 
xmlConfiguration field has some invalid field. Take a look at 
maintainPosixGroupMembership value that it's truemaintainLdapGroupMembership 
and I suppose it should be <boolean>true</boolean>. Even though I tried to fix 
it, I can't still modify it from Syncope console. Probably there is something 
wrong in my fix or some other unexpected value.  (was: It seems that in 
content.xml the Apache ConnInstance xmlConfiguration field has some invalid 
field. Take a look at truemaintainLdapGroupMembership value of 
maintainPosixGroupMembership that should be <boolean>true</boolean>. Even though 
I tried to fix it, I can't still modify it from Syncope console. Probably 
there is something wrong in my fix or some other unexpected value.)



[jira] [Updated] (SYNCOPE-518) ApacheDS connector in test samples cannot be modified

2014-06-27 Thread Denis Signoretto (JIRA)

 [ 
https://issues.apache.org/jira/browse/SYNCOPE-518?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Denis Signoretto updated SYNCOPE-518:
-

Description: It seems that in content.xml the Apache ConnInstance 
xmlConfiguration field has some invalid field. Take a look at 
maintainPosixGroupMembership value that it's truemaintainLdapGroupMembership 
and I suppose it should be <boolean>true</boolean>. Even though I tried to fix 
it updating db, I still can't modify connector properties from Syncope 
console. Probably there is something wrong in my fix or some other unexpected 
value.  (was: It seems that in content.xml the Apache ConnInstance 
xmlConfiguration field has some invalid field. Take a look at 
maintainPosixGroupMembership value that it's truemaintainLdapGroupMembership 
and I suppose it should be <boolean>true</boolean>. Even though I tried to fix 
it, I can't still modify it from Syncope console. Probably there is something 
wrong in my fix or some other unexpected value.)



[jira] [Updated] (SYNCOPE-518) ApacheDS connector in test samples cannot be modified

2014-06-27 Thread JIRA

 [ 
https://issues.apache.org/jira/browse/SYNCOPE-518?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Francesco Chicchiriccò updated SYNCOPE-518:
---

Fix Version/s: 1.2.0
   1.1.8

 ApacheDS connector in test samples cannot be modified
 -

 Key: SYNCOPE-518
 URL: https://issues.apache.org/jira/browse/SYNCOPE-518
 Project: Syncope
  Issue Type: Bug
  Components: core
Affects Versions: 1.1.7
Reporter: Denis Signoretto
Priority: Minor
 Fix For: 1.1.8, 1.2.0




[jira] [Updated] (SYNCOPE-518) ApacheDS connector in test samples cannot be modified

2014-06-27 Thread JIRA

 [ 
https://issues.apache.org/jira/browse/SYNCOPE-518?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Francesco Chicchiriccò updated SYNCOPE-518:
---

Priority: Minor  (was: Major)



[jira] [Updated] (SYNCOPE-518) ApacheDS connector in test samples cannot be modified

2014-06-27 Thread JIRA

 [ 
https://issues.apache.org/jira/browse/SYNCOPE-518?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Francesco Chicchiriccò updated SYNCOPE-518:
---

Description: 
It seems that in test {{content.xml}} the ApacheDS {{ConnInstance}}'s 
{{xmlConfiguration}} has some invalid fields.
Take a look at {{maintainPosixGroupMembership}} value which is just 
{code}true{code} while I suppose it should be 
{code}<boolean>true</boolean>{code}.

Even though I tried to fix it by updating the db, I still can't modify the 
connector properties from admin console. Probably there is something wrong in 
my fix or some other unexpected value.

  was:It seems that in content.xml the Apache ConnInstance xmlConfiguration 
field has some invalid field. Take a look at maintainPosixGroupMembership 
value that it's truemaintainLdapGroupMembership and I suppose it should be 
<boolean>true</boolean>. Even though I tried to fix it updating db, I still 
can't modify connector properties from Syncope console. Probably there is 
something wrong in my fix or some other unexpected value.




[jira] [Commented] (SYNCOPE-518) ApacheDS connector in test samples cannot be modified

2014-06-27 Thread Denis Signoretto (JIRA)

[ 
https://issues.apache.org/jira/browse/SYNCOPE-518?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14045933#comment-14045933
 ] 

Denis Signoretto commented on SYNCOPE-518:
--

I've just tried from 1.1.7 standalone distribution and actually it's working. 

I don't know what's causing the problem on my installation (it came from 
1.1.8-SNAPSHOT). 
I supposed the error was coming from core\src\test\resources\content.xml where, 
after url decoding xmlConfiguration of ApacheDS (ConnInstance 105), 
I found the value {{truemaintainLdapGroupMembership}} for schema attribute 
maintainPosixGroupMembership

I suppose it's not the real cause and you can close the bug.

 ApacheDS connector in test samples cannot be modified
 -

 Key: SYNCOPE-518
 URL: https://issues.apache.org/jira/browse/SYNCOPE-518
 Project: Syncope
  Issue Type: Bug
  Components: core
Affects Versions: 1.1.7
Reporter: Denis Signoretto
Priority: Minor
 Fix For: 1.1.8, 1.2.0

 Attachments: screenshot-SYNCOPE-518.png




[jira] [Closed] (SYNCOPE-518) ApacheDS connector in test samples cannot be modified

2014-06-27 Thread JIRA

 [ 
https://issues.apache.org/jira/browse/SYNCOPE-518?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Francesco Chicchiriccò closed SYNCOPE-518.
--

Resolution: Cannot Reproduce



[jira] [Commented] (SYNCOPE-164) Passthrough authentication

2014-06-27 Thread Colm O hEigeartaigh (JIRA)

[ 
https://issues.apache.org/jira/browse/SYNCOPE-164?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14045973#comment-14045973
 ] 

Colm O hEigeartaigh commented on SYNCOPE-164:
-


It sounds reasonable to me...

Colm.

 Passthrough authentication
 --

 Key: SYNCOPE-164
 URL: https://issues.apache.org/jira/browse/SYNCOPE-164
 Project: Syncope
  Issue Type: New Feature
Reporter: Francesco Chicchiriccò
Assignee: Francesco Chicchiriccò
 Fix For: 1.2.0


 Provide the possibility to authenticate users on external resources.


