Re: Timeline for ROLE provisioning and CXF migration

2012-12-05 Thread ernst Developer 
Hi,
When the CXF transition was proposed, I asked for a wiki page describing
mapping from the Spring MVC requests to the CXF requests.
Is this page available when the CXF development is merged into the trunk?
Regards,
Ernst



2012/12/5 Jan Bernhardt 

> > -Original Message-
> > From: Francesco Chicchiriccò [mailto:ilgro...@apache.org]
> > Sent: Mittwoch, 5. Dezember 2012 09:27
> > To: dev@syncope.apache.org
> > Subject: Re: Timeline for ROLE provisioning and CXF migration
> >
> > On 05/12/2012 09:14, Jan Bernhardt wrote:
> > > Hi Francesco,
> > >
> > > I expect to be done with my Proof of Concept for Syncopes CXF migration
> > within this month. I would like to apply my changes to our trunk
> afterwards,
> > but since you are working on your branch for role provisioning, I was
> > wondering when do you plan to be done with your changes? I think it would
> > be best, if you could apply your changes first and I could go second,
> making
> > sure that your changes to RoleController will also work with CXF.
> > >
> > > WDYT?
> >
> > Hi Jan,
> > I really like the fact that you've got so far with CXF migration! This
> means we
> > will be probably able to include it in the 1.1.0 release, wow :-)
>
> This would be great, indeed. ;-)
> For most parts of the CXF port, I'm done. I'm currently only struggling
> with some strange problems, that I have to investigate a little more. But I
> will also get some additional support from my colleagues here at talend, so
> I'm quite optimistic that the PoC will be complete soon.
>
> Our talend ESB product guys are also quite excited for our new features
> (Role provisioning, OSGi Enhancements and CXF Support), so if both can make
> it within the 1.1.0 release they would very much appreciate this.
>
> My plan would be to apply all required changes to trunk within the first
> week of next year. It would be great, if no other major refactoring takes
> place within that time, to avoid additional merging efforts.
>
> > About the DEV_ROLE_PROVISIONING branch, I am almost done with core
> > features but the admin console is yet to be updated. Everything that is
> > normally working on trunk is working in this branch as well, but new
> things -
> > like role attribute mapping, for example - is still missing.
> >
> > Hence: I guess I will be able to completely merge back the
> > DEV_ROLE_PROVISIONING branch into the trunk (and also remove such
> > branch) by the end of the week.
>
> Awesome!
> >
> > Is this inline with your timings?
>
> Fits perfectly ;-)
> >
> > Regards.
> >
> > --
> > Francesco Chicchiriccò
> >
> > ASF Member, Apache Syncope PMC chair, Apache Cocoon PMC Member
> > http://people.apache.org/~ilgrosso/
>
> Best regards.
> Jan
>

Re: Timeline for ROLE provisioning and CXF migration

2012-12-05 Thread ernst Developer 
Hi Jan,
Cool. Think I will need that one when migrating to the CXF version of
Syncope.
Cheers!



2012/12/5 Jan Bernhardt 

> Hi Ernst,
>
> yes this page is available (only visible to committers at this time):
>
> https://cwiki.apache.org/confluence/display/SYNCOPE/REST+API+upgrade
>
> it is not complete yet, but it will be once the migration is done.
>
> Best regards.
> Jan
>
>
> > -Original Message-
> > From: ernst Developer [mailto:ernst.develo...@gmail.com]
> > Sent: Mittwoch, 5. Dezember 2012 11:25
> > To: dev@syncope.apache.org
> > Subject: Re: Timeline for ROLE provisioning and CXF migration
> >
> > Hi,
> > When the CXF transition was proposed, I asked for a wiki page describing
> > mapping from the Spring MVC requests to the CXF requests.
> > Is this page available when the CXF development is merged into the trunk?
> > Regards,
> > Ernst
> >
> >
> >
> > 2012/12/5 Jan Bernhardt 
> >
> > > > -Original Message-
> > > > From: Francesco Chicchiriccò [mailto:ilgro...@apache.org]
> > > > Sent: Mittwoch, 5. Dezember 2012 09:27
> > > > To: dev@syncope.apache.org
> > > > Subject: Re: Timeline for ROLE provisioning and CXF migration
> > > >
> > > > On 05/12/2012 09:14, Jan Bernhardt wrote:
> > > > > Hi Francesco,
> > > > >
> > > > > I expect to be done with my Proof of Concept for Syncopes CXF
> > > > > migration
> > > > within this month. I would like to apply my changes to our trunk
> > > afterwards,
> > > > but since you are working on your branch for role provisioning, I
> > > > was wondering when do you plan to be done with your changes? I think
> > > > it would be best, if you could apply your changes first and I could
> > > > go second,
> > > making
> > > > sure that your changes to RoleController will also work with CXF.
> > > > >
> > > > > WDYT?
> > > >
> > > > Hi Jan,
> > > > I really like the fact that you've got so far with CXF migration!
> > > > This
> > > means we
> > > > will be probably able to include it in the 1.1.0 release, wow :-)
> > >
> > > This would be great, indeed. ;-)
> > > For most parts of the CXF port, I'm done. I'm currently only
> > > struggling with some strange problems, that I have to investigate a
> > > little more. But I will also get some additional support from my
> > > colleagues here at talend, so I'm quite optimistic that the PoC will be
> > complete soon.
> > >
> > > Our talend ESB product guys are also quite excited for our new
> > > features (Role provisioning, OSGi Enhancements and CXF Support), so if
> > > both can make it within the 1.1.0 release they would very much
> appreciate
> > this.
> > >
> > > My plan would be to apply all required changes to trunk within the
> > > first week of next year. It would be great, if no other major
> > > refactoring takes place within that time, to avoid additional merging
> efforts.
> > >
> > > > About the DEV_ROLE_PROVISIONING branch, I am almost done with core
> > > > features but the admin console is yet to be updated. Everything that
> > > > is normally working on trunk is working in this branch as well, but
> > > > new
> > > things -
> > > > like role attribute mapping, for example - is still missing.
> > > >
> > > > Hence: I guess I will be able to completely merge back the
> > > > DEV_ROLE_PROVISIONING branch into the trunk (and also remove such
> > > > branch) by the end of the week.
> > >
> > > Awesome!
> > > >
> > > > Is this inline with your timings?
> > >
> > > Fits perfectly ;-)
> > > >
> > > > Regards.
> > > >
> > > > --
> > > > Francesco Chicchiriccò
> > > >
> > > > ASF Member, Apache Syncope PMC chair, Apache Cocoon PMC Member
> > > > http://people.apache.org/~ilgrosso/
> > >
> > > Best regards.
> > > Jan
> > >
>

Re: Schema Mapping improvement

2012-12-15 Thread ernst Developer 
Hi Fabio,

This seems a very good idea.
You could also consider a complete new mapping tab page on which we could
do the sync mapping. In that case the current mapping is used for
propagation.

Regards,
Ernst


2012/12/14 Denis Signoretto 

>
> Another way to get the same result couldn't be
> creating a specialization between sync and provisioned resources?
>
> Regards,
> Denis
>
> > -Messaggio originale-
> > Da: Fabio Martelli [mailto:fabio.marte...@gmail.com]
> > Inviato: venerdì 14 dicembre 2012 16:55
> > A: dev@syncope.apache.org
> > Oggetto: Schema Mapping improvement
> >
> >
> > Hi guys,
> > since I see a strong limitation about the schema mapping
> > configuration I'd like to discuss with you about an improvement.
> >
> > From my PPOV Syncope should give the possibility to specify
> > two different mappings for synchronization and propagation.
> >
> > My suggestion is to provide two boolean flags: the former to
> > specify a propagation mapping and the latter to specify a
> > synchronization mapping.
> > Of course, each mapping must have a flag to true at least.
> >
> > WDYT?
> >
> > Regards,
> > F.
> >
>

Re: Schema Mapping improvement

2012-12-17 Thread ernst Developer 
Yes, I agree.


2012/12/17 Fabio Martelli 

>
> Il giorno 15/dic/2012, alle ore 13.16, ernst Developer ha scritto:
>
> > Hi Fabio,
> >
> > This seems a very good idea.
> > You could also consider a complete new mapping tab page on which we could
> > do the sync mapping. In that case the current mapping is used for
> > propagation.
>
> Hi Ernst,
> yes, this is an alternative but I'd prefer to have all the mappings about
> the same resource into a single tab.
> I think that, in this way, mapping configuration would be simple and easy
> to manage (in terms of troubleshooting).
> Don't you agree?
>
> Regards,
> F.
>
> > Regards,
> > Ernst
> >
> >
> > 2012/12/14 Denis Signoretto 
> >
> >>
> >> Another way to get the same result couldn't be
> >> creating a specialization between sync and provisioned resources?
> >>
> >> Regards,
> >> Denis
> >>
> >>> -Messaggio originale-
> >>> Da: Fabio Martelli [mailto:fabio.marte...@gmail.com]
> >>> Inviato: venerdì 14 dicembre 2012 16:55
> >>> A: dev@syncope.apache.org
> >>> Oggetto: Schema Mapping improvement
> >>>
> >>>
> >>> Hi guys,
> >>> since I see a strong limitation about the schema mapping
> >>> configuration I'd like to discuss with you about an improvement.
> >>>
> >>> From my PPOV Syncope should give the possibility to specify
> >>> two different mappings for synchronization and propagation.
> >>>
> >>> My suggestion is to provide two boolean flags: the former to
> >>> specify a propagation mapping and the latter to specify a
> >>> synchronization mapping.
> >>> Of course, each mapping must have a flag to true at least.
> >>>
> >>> WDYT?
> >>>
> >>> Regards,
> >>> F.
> >>>
> >>
>
>

Re: Support for encrypted schema attributes

2013-01-10 Thread ernst Developer 
Hi Francesco,
The list of requirements sounds reasonable. I have another question: where
does Syncope store the encryption key?
Regards,
Ernst


2013/1/10 Francesco Chicchiriccò 

> On 09/01/2013 19:37, Denis Signoretto wrote:
>
>> [...]
>> I agree with Fabio, probably this feature it's not so useful in most of
>> common cases.
>> I was imagining a general use cases where some user attributes, for
>> security reasons
>> or law restrictons, can't be stored cleartext; e.g. a sort of sencondary
>> password or
>> a PIN to use for instance to open doors or to enable a payment (some
>> online banking
>> use a secondary PIN to confirm a payment operation).
>>
>
> Hi all,
> let me summarize the requirements of this new "Encrypted Schema" (for what
> I have understood from recent e-mails).
>
> 1. Main purpose: store some arbitrary string values encrypted in the
> database; this can be enforced by law, for example.
>
> 2. When defining an encrypted schema, you must provide the cypher
> algorithm to be used and a passphrase.
> Such passphrase will be stored by Syncope as encrypted with an internal
> key (more or less like we are already doing with user passwords).
>
> 3. When creating an attribute with such schema, the value(s) will be
> automatically encrypted by Syncope using the provided algorithm and
> passphrase.
>
> 4. When reading an attribute with such schema (e.g. contained in an
> AttributeTO), the value(s) will be sent encrypted.
> Only who knows the algorithm and the passphrase will be able to decrypt.
> Moreover, you can think to make the admin console able to show such
> attribute value(s) as encrypted by default and to decrypt them on demand
> after asking for algorithm and passphase.
>
> 5. When propagating / synchronizing attribute with such schema,
> GuardedString will be used, not String.
>
> 6. When changing algorithm or passpshase of an existing schema, new values
> will be encrypted with these, old values will remain as they are.
> Naturally, one can provide an update procedure.
>
> Does it sound reasonable? If so I will open an issue for this.
>
> Regards.
>
> --
> Francesco Chicchiriccò
>
> ASF Member, Apache Syncope PMC chair, Apache Cocoon PMC Member
> http://people.apache.org/~**ilgrosso/
>
>

Re: Problem with password policy and Configuration in console

2013-01-24 Thread ernst Developer 
Hi Marco,

Thanks for your reply. I hope you can find something fast.

I have indeed a custom content.xml. Find the file attached to this email.
It is a relative old copy of the original content.xml file from Syncope.

About the user I create: I tried to create the user in Syncope console.

Cheers,
Ernst


2013/1/24 Marco Di Sabatino Di Diodoro 

> Hi ernst,
>
> For reproduce your problem I need more information about Syncope.
> Have you a custom content.xml? You use a Password Policy from the default
> content?
>
> Can you tell me the parameters that you enter to create the user?
>
> I create/update Password Policy under Configuration but I haven't problem.
>
> M
>
> On Jan 24, 2013, at 1:21 PM, ernst Developer wrote:
>
> > Hi,
> >
> > I try to use the latest version of syncope (1.1.0-SNAPSHOT). I did a
> clean
> > build, and installed the latest version. Unfortunately I cannot create
> > users anymore. The error message:
> >
> > Error:{[InvalidSyncopeUser [Entry: InvalidPassword:
> > org.apache.syncope.types.PasswordPolicySpec]]}
> >
> > When I go to the configuration, I get the exception:
> >
> > Last cause: Argument 'modelObject' may not be null.
> > WicketMessage: Error attaching this container for rendering:
> > [WebMarkupContainer [Component id = body]]
> >
> > What should I do to solve these issues?
> >
> > Kind regards,
> > Ernst
>
> --
>
> Dott. Marco Di Sabatino Di Diodoro
> Tel. +39 3939065570
>
> Tirasa S.r.l.
> Viale D'Annunzio 267 - 65127 Pescara
> Tel +39 0859116307 / FAX +39 085973
> http://www.tirasa.net
>
> Apache Syncope PMC Member
> http://people.apache.org/~mdisabatino
>
>
>
>
>
>

Re: Problem with password policy and Configuration in console

2013-01-24 Thread ernst Developer 
Hi Marco,
Of course, I did not realize that the change of the packages would impact
the content.xml as well.
Thanks a lot.
Regards,
Ernst


2013/1/24 Marco Di Sabatino Di Diodoro 

> Hi Ernst,
>
> I suggest you to make a diff of your content.xml file with the current
> content.xml (
> https://svn.apache.org/repos/asf/syncope/trunk/core/src/main/resources/content.xml
> )
> There are many differences from old to new file, for example
>
> org.apache.syncope.types.SyncPolicySpec
>
> to
>
> org.apache.syncope.common.types.SyncPolicySpec
>
>
> Good luck with your work :)
> Regards
> M
>
>
> On Jan 24, 2013, at 2:17 PM, ernst Developer wrote:
>
> > Hi Marco,
> >
> > Thanks for your reply. I hope you can find something fast.
> >
> > I have indeed a custom content.xml. Find the file attached to this email.
> > It is a relative old copy of the original content.xml file from Syncope.
> >
> > About the user I create: I tried to create the user in Syncope console.
> >
> > Cheers,
> > Ernst
> >
> >
> > 2013/1/24 Marco Di Sabatino Di Diodoro 
> > Hi ernst,
> >
> > For reproduce your problem I need more information about Syncope.
> > Have you a custom content.xml? You use a Password Policy from the
> default content?
> >
> > Can you tell me the parameters that you enter to create the user?
> >
> > I create/update Password Policy under Configuration but I haven't
> problem.
> >
> > M
> >
> > On Jan 24, 2013, at 1:21 PM, ernst Developer wrote:
> >
> > > Hi,
> > >
> > > I try to use the latest version of syncope (1.1.0-SNAPSHOT). I did a
> clean
> > > build, and installed the latest version. Unfortunately I cannot create
> > > users anymore. The error message:
> > >
> > > Error:{[InvalidSyncopeUser [Entry: InvalidPassword:
> > > org.apache.syncope.types.PasswordPolicySpec]]}
> > >
> > > When I go to the configuration, I get the exception:
> > >
> > > Last cause: Argument 'modelObject' may not be null.
> > > WicketMessage: Error attaching this container for rendering:
> > > [WebMarkupContainer [Component id = body]]
> > >
> > > What should I do to solve these issues?
> > >
> > > Kind regards,
> > > Ernst
> >
> > --
> >
> > Dott. Marco Di Sabatino Di Diodoro
> > Tel. +39 3939065570
> >
> > Tirasa S.r.l.
> > Viale D'Annunzio 267 - 65127 Pescara
> > Tel +39 0859116307 / FAX +39 085973
> > http://www.tirasa.net
> >
> > Apache Syncope PMC Member
> > http://people.apache.org/~mdisabatino
> >
> >
> >
> >
> >
> >
> > 
>
> --
>
> Dott. Marco Di Sabatino Di Diodoro
> Tel. +39 3939065570
>
> Tirasa S.r.l.
> Viale D'Annunzio 267 - 65127 Pescara
> Tel +39 0859116307 / FAX +39 085973
> http://www.tirasa.net
>
> Apache Syncope PMC Member
> http://people.apache.org/~mdisabatino
>
>
>
>
>
>