[jira] [Commented] (SYNCOPE-164) Passthrough authentication

2014-07-02 Thread JIRA 

[ 
https://issues.apache.org/jira/browse/SYNCOPE-164?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14049660#comment-14049660
 ] 

Francesco Chicchiriccò commented on SYNCOPE-164:


By taking a look at [the actual 
code|https://github.com/Tirasa/ConnIdLDAPBundle/blob/master/src/main/java/org/connid/bundles/ldap/LdapConnection.java#L143]
 invoked by LDAP connector's {{authenticate()}} it seems that the underlying 
password encoding just does not matter: as expected a JNDI bind is performed 
with clear password extracted from passed {{GuardedString}} instance.
This means that connector's digest algorithm does not play any role here.

The cipher algorithm defined on Syncope only matters when performing local 
authentication; as you can read from 
{{SyncopeAuthenticationProvider#authenticate}}, authentication on external 
resources is only attempted when local authentication fails.

 Passthrough authentication
 --

 Key: SYNCOPE-164
 URL: https://issues.apache.org/jira/browse/SYNCOPE-164
 Project: Syncope
  Issue Type: New Feature
Reporter: Francesco Chicchiriccò
Assignee: Francesco Chicchiriccò
 Fix For: 1.2.0


 Provide the possibility to authenticate users on external resources.



--
This message was sent by Atlassian JIRA
(v6.2#6252)

[jira] [Commented] (SYNCOPE-164) Passthrough authentication

2014-07-01 Thread Colm O hEigeartaigh (JIRA) 

[ 
https://issues.apache.org/jira/browse/SYNCOPE-164?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14048911#comment-14048911
 ] 

Colm O hEigeartaigh commented on SYNCOPE-164:
-

Hi Francesco,

I just experimented a bit with this feature, by syncing in some users from LDAP 
and not providing a password mapping. I can log on via the REST API fine when 
the user has either a plaintext, SHA or SSHA password in LDAP. However 
authentication doesn't seem to work when the user has a SHA-256 password. Is 
the global user cipher algorithm, or the password digest algorithm of the 
Connector in play here?

Thanks,

Colm.

 Passthrough authentication
 --

 Key: SYNCOPE-164
 URL: https://issues.apache.org/jira/browse/SYNCOPE-164
 Project: Syncope
  Issue Type: New Feature
Reporter: Francesco Chicchiriccò
Assignee: Francesco Chicchiriccò
 Fix For: 1.2.0


 Provide the possibility to authenticate users on external resources.



--
This message was sent by Atlassian JIRA
(v6.2#6252)

[jira] [Commented] (SYNCOPE-164) Passthrough authentication

2014-06-30 Thread JIRA 

[ 
https://issues.apache.org/jira/browse/SYNCOPE-164?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14047461#comment-14047461
 ] 

Francesco Chicchiriccò commented on SYNCOPE-164:


After some re-thinking I have slightly changed my mind about the selection 
process above.
Instead of (almost) randomly picking the first account policy with 
authentication resources, the updated proposal is:
 # look for directly assigned resources, pick the ones whose account policy has 
authentication resources configured
 # look for owned roles, pick the ones whose account policy has authentication 
resources configured
 # take global policy, if has authentication resources configured

At this point consider the intersection of all authentication resources.
WDYT?

 Passthrough authentication
 --

 Key: SYNCOPE-164
 URL: https://issues.apache.org/jira/browse/SYNCOPE-164
 Project: Syncope
  Issue Type: New Feature
Reporter: Francesco Chicchiriccò
Assignee: Francesco Chicchiriccò
 Fix For: 1.2.0


 Provide the possibility to authenticate users on external resources.



--
This message was sent by Atlassian JIRA
(v6.2#6252)

[jira] [Commented] (SYNCOPE-164) Passthrough authentication

2014-06-30 Thread fabio martelli (JIRA) 

[ 
https://issues.apache.org/jira/browse/SYNCOPE-164?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14047463#comment-14047463
 ] 

fabio martelli commented on SYNCOPE-164:


Intersection sounds good to me.
+1

 Passthrough authentication
 --

 Key: SYNCOPE-164
 URL: https://issues.apache.org/jira/browse/SYNCOPE-164
 Project: Syncope
  Issue Type: New Feature
Reporter: Francesco Chicchiriccò
Assignee: Francesco Chicchiriccò
 Fix For: 1.2.0


 Provide the possibility to authenticate users on external resources.



--
This message was sent by Atlassian JIRA
(v6.2#6252)

[jira] [Commented] (SYNCOPE-164) Passthrough authentication

2014-06-30 Thread ASF subversion and git services (JIRA) 

[ 
https://issues.apache.org/jira/browse/SYNCOPE-164?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14047516#comment-14047516
 ] 

ASF subversion and git services commented on SYNCOPE-164:
-

Commit 1606667 from [~ilgrosso] in branch 'syncope/trunk'
[ https://svn.apache.org/r1606667 ]

[SYNCOPE-164] implementation provided for core and console

 Passthrough authentication
 --

 Key: SYNCOPE-164
 URL: https://issues.apache.org/jira/browse/SYNCOPE-164
 Project: Syncope
  Issue Type: New Feature
Reporter: Francesco Chicchiriccò
Assignee: Francesco Chicchiriccò
 Fix For: 1.2.0


 Provide the possibility to authenticate users on external resources.



--
This message was sent by Atlassian JIRA
(v6.2#6252)

[jira] [Commented] (SYNCOPE-164) Passthrough authentication

2014-06-27 Thread Colm O hEigeartaigh (JIRA) 

[ 
https://issues.apache.org/jira/browse/SYNCOPE-164?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14045973#comment-14045973
 ] 

Colm O hEigeartaigh commented on SYNCOPE-164:
-


It sounds reasonable to me...

Colm.

 Passthrough authentication
 --

 Key: SYNCOPE-164
 URL: https://issues.apache.org/jira/browse/SYNCOPE-164
 Project: Syncope
  Issue Type: New Feature
Reporter: Francesco Chicchiriccò
Assignee: Francesco Chicchiriccò
 Fix For: 1.2.0


 Provide the possibility to authenticate users on external resources.



--
This message was sent by Atlassian JIRA
(v6.2#6252)

[jira] [Commented] (SYNCOPE-164) Passthrough authentication

2014-06-25 Thread Colm O hEigeartaigh (JIRA) 

[ 
https://issues.apache.org/jira/browse/SYNCOPE-164?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14043267#comment-14043267
 ] 

Colm O hEigeartaigh commented on SYNCOPE-164:
-

Hi Francesco,

I'm wondering if this task might be somewhat straightforward enough to 
implement for 1.2...

If user authentication fails in the SyncopeAuthenticationProvider + if pass 
through authentication is enabled via a resource property / account policy / 
etc., then grab the Connectors associated with the user + try to perform 
authentication using the supplied credentials. Or am I missing something?

Colm.

 Passthrough authentication
 --

 Key: SYNCOPE-164
 URL: https://issues.apache.org/jira/browse/SYNCOPE-164
 Project: Syncope
  Issue Type: Sub-task
Reporter: Francesco Chicchiriccò
 Fix For: 3.0.0


 Provide the possibility to authenticate users on external resources.



--
This message was sent by Atlassian JIRA
(v6.2#6252)

[jira] [Commented] (SYNCOPE-164) Passthrough authentication

2014-06-25 Thread JIRA 

[ 
https://issues.apache.org/jira/browse/SYNCOPE-164?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14043306#comment-14043306
 ] 

Francesco Chicchiriccò commented on SYNCOPE-164:


You need to extend the {{Connector}} interface with an {{authenticate()}} 
method and modify accordingly {{ConnectorFacadeProxy}} and 
{{AsyncConnectorFacade}}.

 Passthrough authentication
 --

 Key: SYNCOPE-164
 URL: https://issues.apache.org/jira/browse/SYNCOPE-164
 Project: Syncope
  Issue Type: New Feature
Reporter: Francesco Chicchiriccò
 Fix For: 1.2.0


 Provide the possibility to authenticate users on external resources.



--
This message was sent by Atlassian JIRA
(v6.2#6252)