You are viewing a plain text version of this content. The canonical link for it is here.
Posted to user@syncope.apache.org by Antony Pulicken <an...@gmail.com> on 2012/05/02 11:31:24 UTC
Displaying clear text passwords/confidential information in Syncope
Hi,
1) We don't want to display/store some of the connector properties as CLEAR
TEXT in Syncope. Can you please explain how this can be configured?
2) We have to do the same for some user attributes as well ? Is this
possible ?
Thanks and Regards,
Antony.
Re: Displaying clear text passwords/confidential information in Syncope
Posted by Francesco Chicchiriccò <il...@apache.org>.
On 02/05/2012 13:00, Fabio Martelli wrote:
> Il giorno 02/mag/2012, alle ore 11.31, Antony Pulicken ha scritto:
>> Hi,
>>
>> 1) We don't want to display/store some of the connector properties as CLEAR TEXT in Syncope. Can you please explain how this can be configured?
> Hi Antony,
> you can hide a connector attribute configuring it (on the connector configuration class) to be confidential.
> For example:
>
> @ConfigurationProperty(order = 5, confidential = true,
> displayMessageKey = "PASSWORD_DISPLAY",
> helpMessageKey = "PASSWORD_HELP")
> public GuardedString getPassword() {
> return this.password;
> }
>
> Please, consider that in this way you can solve the problem related to the "display" but not to the "store".
> I think that the connector framework doesn't give the possibility to store a value ciphering it before.
Well, actually, this "confidential" parameter is currently ignored by
console: ResourceConnConfPanel and ConnectorModalPage rely upon the
property class for deciding whether to show the corresponding form input
as password:
if
(GUARDED_STRING.equalsIgnoreCase(property.getSchema().getType())
||
GUARDED_BYTE_ARRAY.equalsIgnoreCase(property.getSchema().getType())) {
field = new AjaxPasswordFieldPanel("panel",
label.getDefaultModelObjectAsString(), new Model());
((PasswordTextField)
field.getField()).setResetPassword(false);
required = property.getSchema().isRequired();
}
For other side, I am not sure that it's wise to render as password every
form input with "confidential == true": what about input validation in
this case?
Anyway, for Anthony's specific need, I think that he has currently no
choice but overriding the above mentioned classes.
>> 2) We have to do the same for some user attributes as well ? Is this possible ?
> You have to customize the console.
Agree,
--
Francesco Chicchiriccò
Apache Cocoon PMC and Apache Syncope PPMC Member
http://people.apache.org/~ilgrosso/
Re: Displaying clear text passwords/confidential information in Syncope
Posted by Fabio Martelli <fa...@gmail.com>.
Il giorno 02/mag/2012, alle ore 11.31, Antony Pulicken ha scritto:
> Hi,
>
> 1) We don't want to display/store some of the connector properties as CLEAR TEXT in Syncope. Can you please explain how this can be configured?
Hi Antony,
you can hide a connector attribute configuring it (on the connector configuration class) to be confidential.
For example:
@ConfigurationProperty(order = 5, confidential = true,
displayMessageKey = "PASSWORD_DISPLAY",
helpMessageKey = "PASSWORD_HELP")
public GuardedString getPassword() {
return this.password;
}
Please, consider that in this way you can solve the problem related to the "display" but not to the "store".
I think that the connector framework doesn't give the possibility to store a value ciphering it before.
> 2) We have to do the same for some user attributes as well ? Is this possible ?
You have to customize the console.
Regards,
F.