You are viewing a plain text version of this content. The canonical link for it is here.
Posted to user@syncope.apache.org by Hugo Cerdeira <hu...@skrey-software.com> on 2017/05/12 09:31:49 UTC
No password propagation after User creation.
Hi,
I'm trying to propagate a User when creating it via rest services of the syncope-core, I'm able to create him successfully but I get this propagation error:
"propagationStatuses": [
{
"beforeObj": null,
"afterObj": null,
"resource": "ofbizUsersPropagation",
"status": "FAILURE",
"failureReason": "Not attempted because there are mandatory attributes without value(s): [password]"
}
I'm sending the password on the rest services and the User is correctly created since I can log in using it.
I've tried turning return.password.value true/false but didn't make any difference, any tips?
Thanks,
Hugo Cerdeira.
Re: No password propagation after User creation.
Posted by HugoCerdeira <hu...@skrey-software.com>.
Thanks for all your help, i manage to make it work using your suggestion, much appreciated.
Hugo Cerdeira.
---- On Fri, 12 May 2017 11:23:49 +0100 ilgrosso [via syncope-user] <ml+s1051894n5709220h30@n5.nabble.com> wrote ----
On 12/05/2017 12:15, HugoCerdeira wrote:
> Thanks for the quick replies,
> I now can access the "__PASSWORD__" attribute but it shows as
> "__PASSWORD__:[org.identityconnectors.common.security.GuardedString@5f7aa78b]"
> how can i get the encrypted value to propagate
You should use
org.identityconnectors.common.security.SecurityUtil#decrypt [1]
to get the clean password value.
HTH
Regards.
[1]
http://connid.tirasa.net/apidocs/1.4/org/identityconnectors/common/security/SecurityUtil.html#decrypt(org.identityconnectors.common.security.GuardedString)
--
Francesco Chicchiriccò
Tirasa - Open Source Excellence
http://www.tirasa.net/
Member at The Apache Software Foundation
Syncope, Cocoon, Olingo, CXF, OpenJPA, PonyMail
http://home.apache.org/~ilgrosso/
If you reply to this email, your message will be added to the discussion below:
http://syncope-user.1051894.n5.nabble.com/No-password-propagation-after-User-creation-tp5709213p5709220.html
To unsubscribe from No password propagation after User creation., click here.
NAML
--
View this message in context: http://syncope-user.1051894.n5.nabble.com/No-password-propagation-after-User-creation-tp5709213p5709222.html
Sent from the syncope-user mailing list archive at Nabble.com.
Re: No password propagation after User creation.
Posted by Francesco Chicchiriccò <il...@apache.org>.
On 12/05/2017 12:15, HugoCerdeira wrote:
> Thanks for the quick replies,
> I now can access the "__PASSWORD__" attribute but it shows as
> "__PASSWORD__:[org.identityconnectors.common.security.GuardedString@5f7aa78b]"
> how can i get the encrypted value to propagate
You should use
org.identityconnectors.common.security.SecurityUtil#decrypt [1]
to get the clean password value.
HTH
Regards.
[1]
http://connid.tirasa.net/apidocs/1.4/org/identityconnectors/common/security/SecurityUtil.html#decrypt(org.identityconnectors.common.security.GuardedString)
--
Francesco Chicchiriccò
Tirasa - Open Source Excellence
http://www.tirasa.net/
Member at The Apache Software Foundation
Syncope, Cocoon, Olingo, CXF, OpenJPA, PonyMail
http://home.apache.org/~ilgrosso/
Re: No password propagation after User creation.
Posted by HugoCerdeira <hu...@skrey-software.com>.
Thanks for the quick replies,
I now can access the "__PASSWORD__" attribute but it shows as
"__PASSWORD__:[org.identityconnectors.common.security.GuardedString@5f7aa78b]"
how can i get the encrypted value to propagate
ilgrosso wrote
> This mapping item is wrong:
>
>> {
>> "key": "d721e6e2-c9dd-4966-a1e6-e2c9dd0966ef",
>> "intAttrName": "password",
>> "extAttrName": "password",
>> "connObjectKey": false,
>> "password": false,
>> "mandatoryCondition": "true",
>> "purpose": "PROPAGATION",
>> "propagationJEXLTransformer": null,
>> "pullJEXLTransformer": null,
>> "mappingItemTransformerClassNames": [],
>> },
>
> It should have been instead something like as:
>
> {
> "key": "d721e6e2-c9dd-4966-a1e6-e2c9dd0966ef",
> "intAttrName": "password",
> "extAttrName": "__PASSWORD__",
> "connObjectKey": false,
> "password": true,
> "mandatoryCondition": "true",
> "purpose": "PROPAGATION",
> "propagationJEXLTransformer": null,
> "pullJEXLTransformer": null,
> "mappingItemTransformerClassNames": [],
> },
>
> Note the difference in extAttrName and password fields.
>
> This kind of mapping item is generated via Admin Console when you flag
> 'Password'.
> Regards.
>
> --
> Francesco Chicchiriccò
>
> Tirasa - Open Source Excellence
> http://www.tirasa.net/
>
> Member at The Apache Software Foundation
> Syncope, Cocoon, Olingo, CXF, OpenJPA, PonyMail
> http://home.apache.org/~ilgrosso/
--
View this message in context: http://syncope-user.1051894.n5.nabble.com/No-password-propagation-after-User-creation-tp5709213p5709219.html
Sent from the syncope-user mailing list archive at Nabble.com.
Re: No password propagation after User creation.
Posted by Francesco Chicchiriccò <il...@apache.org>.
This mapping item is wrong:
> {
> "key": "d721e6e2-c9dd-4966-a1e6-e2c9dd0966ef",
> "intAttrName": "password",
> "extAttrName": "password",
> "connObjectKey": false,
> "password": false,
> "mandatoryCondition": "true",
> "purpose": "PROPAGATION",
> "propagationJEXLTransformer": null,
> "pullJEXLTransformer": null,
> "mappingItemTransformerClassNames": [],
> },
It should have been instead something like as:
{
"key": "d721e6e2-c9dd-4966-a1e6-e2c9dd0966ef",
"intAttrName": "password",
"extAttrName": "__PASSWORD__",
"connObjectKey": false,
"password": true,
"mandatoryCondition": "true",
"purpose": "PROPAGATION",
"propagationJEXLTransformer": null,
"pullJEXLTransformer": null,
"mappingItemTransformerClassNames": [],
},
Note the difference in extAttrName and password fields.
This kind of mapping item is generated via Admin Console when you flag
'Password'.
Regards.
--
Francesco Chicchiriccò
Tirasa - Open Source Excellence
http://www.tirasa.net/
Member at The Apache Software Foundation
Syncope, Cocoon, Olingo, CXF, OpenJPA, PonyMail
http://home.apache.org/~ilgrosso/
Re: No password propagation after User creation.
Posted by HugoCerdeira <hu...@skrey-software.com>.
Here's the mapping:
"mapping": {
"connObjectLink": null,
"connObjectKeyItem": {
"key": "aea740be-78ea-4784-a740-be78ead784b3",
"intAttrName": "username",
"extAttrName": "userLoginId",
"connObjectKey": true,
"password": false,
"mandatoryCondition": "true",
"purpose": "PROPAGATION",
"propagationJEXLTransformer": null,
"pullJEXLTransformer": null,
"mappingItemTransformerClassNames": [],
},
"items": [
{
"key": "aea740be-78ea-4784-a740-be78ead784b3",
"intAttrName": "username",
"extAttrName": "userLoginId",
"connObjectKey": true,
"password": false,
"mandatoryCondition": "true",
"purpose": "PROPAGATION",
"propagationJEXLTransformer": null,
"pullJEXLTransformer": null,
"mappingItemTransformerClassNames": [],
},
{
"key": "644df499-7690-43c2-8df4-99769073c2c1",
"intAttrName": "email",
"extAttrName": "email",
"connObjectKey": false,
"password": false,
"mandatoryCondition": "false",
"purpose": "PROPAGATION",
"propagationJEXLTransformer": null,
"pullJEXLTransformer": null,
"mappingItemTransformerClassNames": [],
},
{
"key": "d721e6e2-c9dd-4966-a1e6-e2c9dd0966ef",
"intAttrName": "password",
"extAttrName": "password",
"connObjectKey": false,
"password": false,
"mandatoryCondition": "true",
"purpose": "PROPAGATION",
"propagationJEXLTransformer": null,
"pullJEXLTransformer": null,
"mappingItemTransformerClassNames": [],
},
{
"key": "c721a1de-2b14-4028-a1a1-de2b14502805",
"intAttrName": "username",
"extAttrName": "userLogin",
"connObjectKey": false,
"password": false,
"mandatoryCondition": "true",
"purpose": "PROPAGATION",
"propagationJEXLTransformer": "'{"userLoginId":"' + username +
'","currentPassword":"' + password + '","currentPasswordVerify":"' +
password + '"}'",
"pullJEXLTransformer": null,
"mappingItemTransformerClassNames": [],
}
],
note that im trying to get the password on the propagationJEXLTransformer as
well
ilgrosso wrote
> On 12/05/2017 11:49, HugoCerdeira wrote:
>> yes, it does include the password: internal attribute=password; external
>> attribute=password; mandatory = true
>
> Please provide more details about this mapping item: just read it via
> REST and paste the JSON content (or a screenshot from Admin Console).
> Regards.
>
> --
> Francesco Chicchiriccò
>
> Tirasa - Open Source Excellence
> http://www.tirasa.net/
>
> Member at The Apache Software Foundation
> Syncope, Cocoon, Olingo, CXF, OpenJPA, PonyMail
> http://home.apache.org/~ilgrosso/
--
View this message in context: http://syncope-user.1051894.n5.nabble.com/No-password-propagation-after-User-creation-tp5709213p5709217.html
Sent from the syncope-user mailing list archive at Nabble.com.
Re: No password propagation after User creation.
Posted by Francesco Chicchiriccò <il...@apache.org>.
On 12/05/2017 11:49, HugoCerdeira wrote:
> yes, it does include the password: internal attribute=password; external
> attribute=password; mandatory = true
Please provide more details about this mapping item: just read it via
REST and paste the JSON content (or a screenshot from Admin Console).
Regards.
> ilgrosso wrote
>> On 12/05/2017 11:31, Hugo Cerdeira wrote:
>>> Hi,
>>>
>>> I'm trying to propagate a User when creating it via rest services of
>>> the syncope-core, I'm able to create him successfully but I get this
>>> propagation error:
>>>
>>> "propagationStatuses": [
>>> {
>>> "beforeObj": null,
>>> "afterObj": null,
>>> "resource": "ofbizUsersPropagation",
>>> "status": "FAILURE",
>>> "failureReason": "Not attempted because there are mandatory
>>> attributes without value(s): [password]"
>>> }
>>>
>>> I'm sending the password on the rest services and the User is
>>> correctly created since I can log in using it.
>>> I've tried turning return.password.value true/false but didn't make
>>> any difference, any tips?
>> What is the user mapping for that resource? Does it include password?
--
Francesco Chicchiriccò
Tirasa - Open Source Excellence
http://www.tirasa.net/
Member at The Apache Software Foundation
Syncope, Cocoon, Olingo, CXF, OpenJPA, PonyMail
http://home.apache.org/~ilgrosso/
Re: No password propagation after User creation.
Posted by HugoCerdeira <hu...@skrey-software.com>.
yes, it does include the password: internal attribute=password; external
attribute=password; mandatory = true
ilgrosso wrote
> On 12/05/2017 11:31, Hugo Cerdeira wrote:
>> Hi,
>>
>> I'm trying to propagate a User when creating it via rest services of
>> the syncope-core, I'm able to create him successfully but I get this
>> propagation error:
>>
>> "propagationStatuses": [
>> {
>> "beforeObj": null,
>> "afterObj": null,
>> "resource": "ofbizUsersPropagation",
>> "status": "FAILURE",
>> "failureReason": "Not attempted because there are mandatory
>> attributes without value(s): [password]"
>> }
>>
>> I'm sending the password on the rest services and the User is
>> correctly created since I can log in using it.
>> I've tried turning return.password.value true/false but didn't make
>> any difference, any tips?
>
> What is the user mapping for that resource? Does it include password?
>
> --
> Francesco Chicchiriccò
>
> Tirasa - Open Source Excellence
> http://www.tirasa.net/
>
> Member at The Apache Software Foundation
> Syncope, Cocoon, Olingo, CXF, OpenJPA, PonyMail
> http://home.apache.org/~ilgrosso/
--
View this message in context: http://syncope-user.1051894.n5.nabble.com/No-password-propagation-after-User-creation-tp5709213p5709215.html
Sent from the syncope-user mailing list archive at Nabble.com.
Re: No password propagation after User creation.
Posted by Francesco Chicchiriccò <il...@apache.org>.
On 12/05/2017 11:31, Hugo Cerdeira wrote:
> Hi,
>
> I'm trying to propagate a User when creating it via rest services of
> the syncope-core, I'm able to create him successfully but I get this
> propagation error:
>
> "propagationStatuses": [
> {
> "beforeObj": null,
> "afterObj": null,
> "resource": "ofbizUsersPropagation",
> "status": "FAILURE",
> "failureReason": "Not attempted because there are mandatory
> attributes without value(s): [password]"
> }
>
> I'm sending the password on the rest services and the User is
> correctly created since I can log in using it.
> I've tried turning return.password.value true/false but didn't make
> any difference, any tips?
What is the user mapping for that resource? Does it include password?
--
Francesco Chicchiriccò
Tirasa - Open Source Excellence
http://www.tirasa.net/
Member at The Apache Software Foundation
Syncope, Cocoon, Olingo, CXF, OpenJPA, PonyMail
http://home.apache.org/~ilgrosso/