[jira] [Commented] (SYNCOPE-164) Passthrough authentication
[ https://issues.apache.org/jira/browse/SYNCOPE-164?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14049660#comment-14049660 ]

Francesco Chicchiriccò commented on SYNCOPE-164:

By taking a look at [the actual code|https://github.com/Tirasa/ConnIdLDAPBundle/blob/master/src/main/java/org/connid/bundles/ldap/LdapConnection.java#L143] invoked by the LDAP connector's {{authenticate()}}, it seems that the underlying password encoding just does not matter: as expected, a JNDI bind is performed with the clear password extracted from the passed {{GuardedString}} instance.

This means that the connector's digest algorithm does not play any role here.

The cipher algorithm defined on Syncope only matters when performing local authentication; as you can read from {{SyncopeAuthenticationProvider#authenticate}}, authentication on external resources is only attempted when local authentication fails.

Passthrough authentication
--------------------------
Key: SYNCOPE-164
URL: https://issues.apache.org/jira/browse/SYNCOPE-164
Project: Syncope
Issue Type: New Feature
Reporter: Francesco Chicchiriccò
Assignee: Francesco Chicchiriccò
Fix For: 1.2.0

Provide the possibility to authenticate users on external resources.

--
This message was sent by Atlassian JIRA (v6.2#6252)
[jira] [Commented] (SYNCOPE-164) Passthrough authentication
[ https://issues.apache.org/jira/browse/SYNCOPE-164?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14048911#comment-14048911 ]

Colm O hEigeartaigh commented on SYNCOPE-164:

Hi Francesco,

I just experimented a bit with this feature, by syncing in some users from LDAP and not providing a password mapping. I can log on via the REST API fine when the user has either a plaintext, SHA or SSHA password in LDAP. However, authentication doesn't seem to work when the user has a SHA-256 password. Is the global user cipher algorithm, or the password digest algorithm of the Connector in play here?

Thanks,
Colm.
[jira] [Commented] (SYNCOPE-164) Passthrough authentication
[ https://issues.apache.org/jira/browse/SYNCOPE-164?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14047461#comment-14047461 ]

Francesco Chicchiriccò commented on SYNCOPE-164:

After some re-thinking I have slightly changed my mind about the selection process above.

Instead of (almost) randomly picking the first account policy with authentication resources, the updated proposal is:

# look for directly assigned resources, pick the ones whose account policy has authentication resources configured
# look for owned roles, pick the ones whose account policy has authentication resources configured
# take the global policy, if it has authentication resources configured

At this point consider the intersection of all authentication resources.

WDYT?
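The selection proposed in the comment above, combined with the local-first ordering described elsewhere in this thread, as an added Java sketch that is not Syncope code. `AccountPolicy`, `selectAuthResources`, `authenticate` and the `bind` stand-in are hypothetical names, and treating a single successful bind as sufficient is an assumption the thread does not settle.

```java
import java.util.*;
import java.util.function.BiPredicate;

/** Added sketch of the thread's proposal; all names are hypothetical, not Syncope's API. */
public class PassthroughSketch {

    /** An account policy with the authentication resources configured on it (may be empty). */
    record AccountPolicy(String name, Set<String> authResources) {}

    /**
     * Policies come from directly assigned resources, owned roles and the global
     * policy. Those without authentication resources are skipped; the rest are
     * intersected. An empty result means no resource is eligible.
     */
    static Set<String> selectAuthResources(List<AccountPolicy> policies) {
        Set<String> selected = null;
        for (AccountPolicy policy : policies) {
            if (policy.authResources().isEmpty()) {
                continue; // contributes nothing, so it must not empty the intersection
            }
            if (selected == null) {
                selected = new TreeSet<>(policy.authResources());
            } else {
                selected.retainAll(policy.authResources());
            }
        }
        return selected == null ? new TreeSet<>() : selected;
    }

    /** External resources are tried only after local authentication has failed. */
    static boolean authenticate(boolean localSucceeded, Set<String> selected,
            BiPredicate<String, String> bind, String clearPassword) {
        // Assumption: one successful bind is enough; the thread does not specify this.
        return localSucceeded || selected.stream().anyMatch(r -> bind.test(r, clearPassword));
    }

    public static void main(String[] args) {
        // Constructed data: the role's policy has no authentication resources.
        List<AccountPolicy> policies = List.of(
                new AccountPolicy("resource policy", Set.of("ldap", "ad")),
                new AccountPolicy("role policy", Set.of()),
                new AccountPolicy("global policy", Set.of("ldap", "db")));
        Set<String> selected = selectAuthResources(policies);
        // Stand-in for a connector bind: accepts one clear password on "ldap" only.
        BiPredicate<String, String> bind = (r, pw) -> r.equals("ldap") && pw.equals("s3cret");
        System.out.println(selected + " " + authenticate(false, selected, bind, "s3cret"));
    }
}
```

Two policies whose configured resources are disjoint intersect to an empty set, which this sketch treats as "no passthrough resource available" rather than falling back to either policy.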
[jira] [Commented] (SYNCOPE-164) Passthrough authentication
[ https://issues.apache.org/jira/browse/SYNCOPE-164?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14047463#comment-14047463 ]

fabio martelli commented on SYNCOPE-164:

Intersection sounds good to me.
+1
[jira] [Commented] (SYNCOPE-164) Passthrough authentication
[ https://issues.apache.org/jira/browse/SYNCOPE-164?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14047516#comment-14047516 ]

ASF subversion and git services commented on SYNCOPE-164:

Commit 1606667 from [~ilgrosso] in branch 'syncope/trunk'
[ https://svn.apache.org/r1606667 ]

[SYNCOPE-164] implementation provided for core and console
[jira] [Commented] (SYNCOPE-164) Passthrough authentication
[ https://issues.apache.org/jira/browse/SYNCOPE-164?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14045973#comment-14045973 ]

Colm O hEigeartaigh commented on SYNCOPE-164:

It sounds reasonable to me...

Colm.
[jira] [Commented] (SYNCOPE-164) Passthrough authentication
[ https://issues.apache.org/jira/browse/SYNCOPE-164?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14043267#comment-14043267 ]

Colm O hEigeartaigh commented on SYNCOPE-164:

Hi Francesco,

I'm wondering if this task might be somewhat straightforward enough to implement for 1.2... If user authentication fails in the SyncopeAuthenticationProvider + if pass through authentication is enabled via a resource property / account policy / etc., then grab the Connectors associated with the user + try to perform authentication using the supplied credentials. Or am I missing something?

Colm.

Passthrough authentication
--------------------------
Key: SYNCOPE-164
URL: https://issues.apache.org/jira/browse/SYNCOPE-164
Project: Syncope
Issue Type: Sub-task
Reporter: Francesco Chicchiriccò
Fix For: 3.0.0

Provide the possibility to authenticate users on external resources.
[jira] [Commented] (SYNCOPE-164) Passthrough authentication
[ https://issues.apache.org/jira/browse/SYNCOPE-164?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14043306#comment-14043306 ]

Francesco Chicchiriccò commented on SYNCOPE-164:

You need to extend the {{Connector}} interface with an {{authenticate()}} method and modify accordingly {{ConnectorFacadeProxy}} and {{AsyncConnectorFacade}}.

Passthrough authentication
--------------------------
Key: SYNCOPE-164
URL: https://issues.apache.org/jira/browse/SYNCOPE-164
Project: Syncope
Issue Type: New Feature
Reporter: Francesco Chicchiriccò
Fix For: 1.2.0

Provide the possibility to authenticate users on external resources.