Hi Bob,

I've been running into similar issues.

> - /auth/getentitlements doesn't give me the roles of the connected user

It gives you the list of entitlements associated with the roles of the connected user. Perhaps this controller should also have a similar method for returning a list of role names of the connected user as well? A question I have is whether the list of entitlements is only for the child roles or all of the entitlements associated with the role hierarchy?

> - /user/read?username=user : gives me the user but only if I
> authenticated with a user that has the possibility to read other users
> as well. This means I should have some kind of administration
> connection to core instead of a user specific connection?

Yes I think so. Your Tomcat user account should have the ability to read users/roles etc., and you authenticate as this user. I think there should possibly be an "authenticateUser" method or something similar that takes in a username/password and returns true or false depending on if there is a matching user in Syncope.

> - if there are hierarchical roles, I only get the child role. I
> suppose I have to walk the tree myself to retrieve the other roles?
> i.e. based on response to role/list request?

IMO there should be an easy way to get all roles of the user rather than having to walk the tree.

Colm.

On Fri, Mar 30, 2012 at 12:42 PM, Bob Lannoy <[email protected]> wrote:
> Hi,
>
> suppose I have users & hierarchical roles in Syncope and an external
> system (tomcat webapp) that needs to authenticate those users and get
> the roles.
> Can you give me an indication on how I would go about this?
>
> I did some preliminary tests:
> - I can do an authentication to core using basic auth, but I saw that
> the user object also contains the hashed password of the user
> - /auth/getentitlements doesn't give me the roles of the connected user
> - /user/read?username=user : gives me the user but only if I
> authenticated with a user that has the possibility to read other users
> as well. This means I should have some kind of administration
> connection to core instead of a user specific connection?
> - if there are hierarchical roles, I only get the child role. I
> suppose I have to walk the tree myself to retrieve the other roles?
> i.e. based on response to role/list request?
> regards
>
> Bob

--
Colm O hEigeartaigh

Talend Community Coder
http://coders.talend.com
