Posted to dev@syncope.apache.org by "Colm O hEigeartaigh (JIRA)" <ji...@apache.org> on 2014/07/01 14:07:24 UTC
[jira] [Commented] (SYNCOPE-313) Support synchronizing non-cleartext passwords from external resources
[ https://issues.apache.org/jira/browse/SYNCOPE-313?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14048797#comment-14048797 ]
Colm O hEigeartaigh commented on SYNCOPE-313:
---------------------------------------------
Integration tests merged for SYNCOPE-505. Is there any example of a SyncTask executing successfully in the integration test-code? The idea I had was to extend the tests in SYNCOPE-505, by changing the local password, and then sync'ing from the resource again + checking the password was changed. When I add a SyncTask via something like this, it doesn't seem to have fired (in time?) and the user is not updated:
SyncTaskTO syncTask = new SyncTaskTO();
syncTask.setName("DB Sync Task");
syncTask.setDescription("DB Sync Task description");
syncTask.setPerformCreate(true);
syncTask.setPerformUpdate(true);
syncTask.setFullReconciliation(true);
syncTask.setResource(RESOURCE_NAME_TESTDB);
syncTask.setStartDate(new Date());
syncTask.getActionsClassNames().add(DBPasswordSyncActions.class.getName());
Response taskResponse = taskService.create(syncTask);
String taskId = taskResponse.getHeaderString(RESTHeaders.RESOURCE_ID);
TaskExecTO taskExec = taskService.execute(Long.valueOf(taskId), false);
Any ideas?
Colm.
> Support synchronizing non-cleartext passwords from external resources
> ---------------------------------------------------------------------
>
> Key: SYNCOPE-313
> URL: https://issues.apache.org/jira/browse/SYNCOPE-313
> Project: Syncope
> Issue Type: Improvement
> Reporter: Colm O hEigeartaigh
> Assignee: Colm O hEigeartaigh
> Fix For: 1.2.0
>
>
> Currently we can synchronize cleartext passwords from external resources. However, we can't handle non-cleartext passwords, as they get treated as if they are plaintext passwords when imported into Syncope, and hence hashed again according to user.cipherAlgorithm().
> This task is to treat an imported password as hashed according to a given cipher algorithm configured on the connector (for example via 'Password Cipher Algorithm' for the DB Connector).
> This is specific to each individual connector, as for example for the DB Connector, it might just be a hashed value stored in a table, whereas for LDAP it'll be of the form "{CIPHER}VALUE" etc.
> Note that we cannot refer to any specific connector bundle from inside the SyncopeSyncResultHandler, hence we should find the cleanest place to encapsulate the following logic:
> if (password.isClearText()) {
>     // do as currently done
> } else {
>     if (connector.isLDAP()) {
>         // extract cipher and value
>     } else if (connector.isDBTable()) {
>         // treat value as ciphered with the cipher defined in connector configuration
>     } else {
>         ...
>     }
> }
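The two connector formats named in the issue description, decoded into a common form so the imported digest can be stored as-is rather than hashed a second time. This is an added example, not Syncope code: the ImportedPassword record, the fromLdap and fromDbTable helpers, the scheme table and the sample values are all assumptions made for illustration.

```java
import java.util.Arrays;
import java.util.Base64;
import java.util.HexFormat;
import java.util.Locale;
import java.util.Map;

// Added illustration, not Syncope code. Requires Java 17+ (records, HexFormat).
public class ImportedPasswordExample {

    /** Hypothetical holder: a digest that must be stored as-is, never hashed again. */
    record ImportedPassword(String scheme, byte[] digest, byte[] salt) {}

    // Digest sizes in bytes for RFC 2307 style schemes; salted variants append the salt.
    private static final Map<String, Integer> DIGEST_LEN =
            Map.of("MD5", 16, "SMD5", 16, "SHA", 20, "SSHA", 20);

    /** LDAP form "{CIPHER}VALUE": VALUE is base64(digest [+ salt]). */
    static ImportedPassword fromLdap(String value) {
        int close = value.indexOf('}');
        if (!value.startsWith("{") || close < 2) {
            throw new IllegalArgumentException("not in {CIPHER}VALUE form");
        }
        String scheme = value.substring(1, close).toUpperCase(Locale.ROOT);
        Integer len = DIGEST_LEN.get(scheme);
        byte[] raw = Base64.getDecoder().decode(value.substring(close + 1));
        if (len == null || raw.length < len) {
            throw new IllegalArgumentException("unsupported or truncated: " + scheme);
        }
        return new ImportedPassword(scheme,
                Arrays.copyOfRange(raw, 0, len), Arrays.copyOfRange(raw, len, raw.length));
    }

    /** DB table form: bare hex digest; the cipher comes from connector configuration. */
    static ImportedPassword fromDbTable(String hex, String configuredCipher) {
        return new ImportedPassword(configuredCipher, HexFormat.of().parseHex(hex), new byte[0]);
    }

    public static void main(String[] args) {
        // Constructed samples: unsalted SHA-1 of the string "password" in both encodings.
        ImportedPassword ldap = fromLdap("{SHA}W6ph5Mm5Pz8GgiULbPgzG37mj9g=");
        ImportedPassword db = fromDbTable("5baa61e4c9b93f3f0682250b6cf8331b7ee68fd8", "SHA");
        // Compare the decoded digests from the two connector formats.
        System.out.println(Arrays.equals(ldap.digest(), db.digest()));
    }
}
```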