Re: Realm Provisioning

2016-07-11 Thread Fabio Martelli
Hi Jonas, I'm happy to see you have solved your issues. 
International characters should be supported by templates. If you have some 
trouble using them please open a new issue on jira.

Thank you for reporting.

Best regards,
F.

On 11 July 2016 21:45:27 CEST, Jonas Israelsson wrote:
>On 11/07/16 10:03, Fabio Martelli wrote:
>> On 09/07/2016 13:35, Jonas Israelsson wrote:
>>> Saw SYNCOPE-898 was set to resolved yesterday. So I tried it out
>>> today, but can't get it working. I've just mapped an ldap-field (o
>>> in my case) to the realm field.
>>>
>>> Tried to set both the realm path /elementary as well as the realm
>>> uuid fetched from the db, and I can't see anything happening to my
>>> testuser.
>>>
>>> I haven't had time yet to also try out a clean vanilla installed
>>> syncope. Just wanted first to double-check if I had misunderstood
>>> the function..
>>>
>>> Thanks.
>> Hi Jonas, I'm not sure I have understood your configuration well.
>> Have you provided a pull task with a user template in order to
>> specify the destination realm? If so, are you sure you have used the
>> right jexl expression?
>> Please provide some more details.
>Was not aware of the template, if I should have, my apologies.
>Got it working now, thanks a million for the help.
>
>International Characters in realms, not supported?
>
>Brgds,
>Jonas

-- Sent from my Android phone with K-9 Mail.

Re: Realm Provisioning

2016-07-11 Thread Jonas Israelsson



On 11/07/16 10:03, Fabio Martelli wrote:
> On 09/07/2016 13:35, Jonas Israelsson wrote:
>> Saw SYNCOPE-898 was set to resolved yesterday. So I tried it out
>> today, but can't get it working. I've just mapped an ldap-field (o in
>> my case) to the realm field.
>>
>> Tried to set both the realm path /elementary as well as the realm
>> uuid fetched from the db, and I can't see anything happening to my
>> testuser.
>>
>> I haven't had time yet to also try out a clean vanilla installed
>> syncope. Just wanted first to double-check if I had misunderstood the
>> function..
>>
>> Thanks.
> Hi Jonas, I'm not sure I have understood your configuration well.
> Have you provided a pull task with a user template in order to specify
> the destination realm? If so, are you sure you have used the right
> jexl expression?
>
> Please provide some more details.

Was not aware of the template, if I should have, my apologies.
Got it working now, thanks a million for the help.

International Characters in realms, not supported?

Brgds,
Jonas

Authorisation with Syncope 2.x

2016-07-11 Thread Adrian Gonzalez
Hello, Sorry once more :(

I would like to use Syncope in my app (using Spring Security) for user 
authentication and authorisation.
I would like to know if mapping GrantedAuthority to Syncope's role is the way
to go? I'm a bit lost, since there's also the notion of entitlements and groups.
In fact, when I look into Syncope's code, I see:

    @PreAuthorize("hasRole('" + StandardEntitlement.ROLE_CREATE + "')")
    public RoleTO create(final RoleTO roleTO) {

So I would say I should use entitlements and not roles. But entitlement appears
to be fixed (in StandardEntitlement class) and for Syncope 'internal' use [1]
and [2] (aka checking if user has right to perform an action on Syncope - and
not checking if user has right to perform action on whatever application).

Thanks,
Adrian

P.S. Using Syncope 2.0.0-M2

[1] http://syncope-user.1051894.n5.nabble.com/Entitlements-how-do-we-create-change-these-tp5707009p5707010.html
    entitlements are not meant to be extended: their primary purpose is to define security
    constraints on RESTful methods.
[2] https://cwiki.apache.org/confluence/display/SYNCOPE/Authentication+and+authorization


Custom attributes for roles in syncope 2.x

2016-07-11 Thread Adrian Gonzalez
Hello,
I would like to know if there's a way to define custom attributes for roles 
(such as for User and Groups).
I'm using syncope 2.0.0.M2.
Thanks,
Adrian



Re: Realm Provisioning

2016-07-11 Thread Fabio Martelli

On 09/07/2016 13:35, Jonas Israelsson wrote:
> Saw SYNCOPE-898 was set to resolved yesterday. So I tried it out
> today, but can't get it working. I've just mapped an ldap-field (o in
> my case) to the realm field.
>
> Tried to set both the realm path /elementary as well as the realm uuid
> fetched from the db, and I can't see anything happening to my testuser.
>
> I haven't had time yet to also try out a clean vanilla installed
> syncope. Just wanted first to double-check if I had misunderstood the
> function..
>
> Thanks.

Hi Jonas, I'm not sure I have understood your configuration well.
Have you provided a pull task with a user template in order to specify
the destination realm? If so, are you sure you have used the right
jexl expression?

Please provide some more details.

Regards,
F.

> On 7 July 2016 12:03:53 CEST, "Francesco Chicchiriccò" wrote:
>> On 06/07/2016 16:53, Francesco Chicchiriccò wrote:
>>> [...] About
>>>> I have the need to place users in realms preferably based
>>>> on a ldap attribute
>>> you might want to add your own PullActions implementation, and
>>> to configure it in your pull task. Take a look at [1] for an
>>> example: you will have access to the LDAP attribute via
>>> delta.getObject().getAttributeByName("your_attribute_name")
>>> and then you can set the realm via userTO.setRealm(). Finally,
>>> consider that standalone distribution won't allow this kind of
>>> extensions, you will need to set up a Maven project.
>>
>> Correction: making the destination realm parametric should be actually
>> possible *without* the need of a dedicated pull action.
>>
>> There are, though, some problems around it: see SYNCOPE-898 [2] for details.
>>
>> Regards.
>>
>> [1] https://github.com/apache/syncope/blob/master/core/provisioning-java/src/main/java/org/apache/syncope/core/provisioning/java/pushpull/DBPasswordPullActions.java#L64-L75
>> [2] https://issues.apache.org/jira/browse/SYNCOPE-898
>
> --
> Sent from my Android device with K-9 Mail. Please excuse my brevity.



--
Fabio Martelli

Tirasa - Open Source Excellence
http://www.tirasa.net/

Apache Syncope PMC
http://people.apache.org/~fmartelli/