You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@syncope.apache.org by Denis Signoretto <de...@intesys.it> on 2013/03/11 12:50:50 UTC
Password and account expiration features
Hi Syncopers,
I'm currently using Syncope 1.0.6 and I've just checked on Syncope roadmap [1].
The following features doesn't seams available or already included in the roadmap (am I wrong) ?
- Account Expiration (disable user on all resources that support enable/disable or change the password on resources that doesn't support it)
- Password Expiration/Expired (force password change - on Syncope and resources**)
- Grace Period: number of logins (or period) allowed after password expiration (on Syncope and resources**)
- Account Lock (explicit or automatic lock for a certain amount of time after a number of wrong credentials - on Syncope and resources**)
- Events/Notifications for account/password expiration, account/password expired, account locked
WDYT?
Best regards.
Denis.
** these features needs an enhanced connector that support it.
[1] - https://cwiki.apache.org/confluence/display/SYNCOPE/Roadmap
R: R: Password and account expiration features
Posted by Denis Signoretto <de...@intesys.it>.
> -----Messaggio originale-----
> Da: Fabio Martelli [mailto:fabio.martelli@gmail.com]
> Inviato: mercoledì 13 marzo 2013 09:21
> A: dev@syncope.apache.org
> Oggetto: Re: R: Password and account expiration features
>
>
> Il giorno 13/mar/2013, alle ore 09.09, Francesco Chicchiriccò ha scritto:
>
> > On 12/03/2013 16:00, Denis Signoretto wrote:
> >> Hi Fabio,
> >>
> >> Thanks for your response.
> >> Do you think it could be useful open an issue on Jira for these features? (if
> yes a can do it).
> >>
> >> I take a quick look to SampleJob and AbstractTaskJob classes.
> >> I think it could be useful allow a scheduled task to have configuration
> parameters.
> >> I guess it's possible to define and read global configuration parameters
> within a SchedTask.
> >>
> >> What do you think about possibility to enhance SchedTask to define and
> store it's own configuration parameters?
> >
> > Hi Denis,
> > you can define in any class extending AbstractTaskJob (as SampleJob
> > for example) the field
> >
> > @Autowired
> > private ConfDAO confDAO;
> >
> > and then access (read / write) any configuration parameter that you can
> also manage from the admin console, under the "Configuration ->
> Parameters".
> >
> > Is this what you are looking for?
>
> Hi Denis, I agree with Francesco: it should be better to use the global
> configuration parameters.
> From my PPOV the proposed SchedTask enhancement would require an big
> effort not so justified.
Hi Fabio,
I agree with you, it's a not a so critical feature.
The idea was just finalized to create a set of "SchedTask functionalities"
that can be easily configured through administrator console simplifying the user interface .
Anyway, the approach using Configuration Parameters it's good enough.
@Francesco: Thanks for your support
Best regards.
Denis
>
> Best regards,
> F.
>
> >
> > Regards.
> >
> >>> -----Messaggio originale-----
> >>> Da: Fabio Martelli [mailto:fabio.martelli@gmail.com]
> >>> Inviato: lunedì 11 marzo 2013 13:10
> >>> A: dev@syncope.apache.org
> >>> Oggetto: Re: Password and account expiration features
> >>>
> >>>
> >>> Il giorno 11/mar/2013, alle ore 12.50, Denis Signoretto ha scritto:
> >>>
> >>>> Hi Syncopers,
> >>>>
> >>>> I'm currently using Syncope 1.0.6 and I've just checked on Syncope
> >>> roadmap [1].
> >>>> The following features doesn't seams available or already included
> >>>> in the
> >>> roadmap (am I wrong) ?
> >>>>
> >>>> - Account Expiration (disable user on all resources that support
> >>> enable/disable or change the password on resources that doesn't
> >>> support it)
> >>>
> >>> Not yet available (explicitly, at least). This feature could be
> >>> implemented by scheduling an ad-hoc SchedTask.
> >>>
> >>>> - Password Expiration/Expired (force password change - on
> Syncope
> >>> and resources**)
> >>>
> >>> Not yet available (explicitly, at least). This feature could be
> >>> implemented by scheduling an ad-hoc SchedTask.
> >>>
> >>>> - Grace Period: number of logins (or period) allowed after
> password
> >>> expiration (on Syncope and resources**)
> >>>
> >>> Not yet available (explicitly, at least). This feature could be
> >>> implemented by scheduling an ad-hoc SchedTask.
> >>>
> >>>> - Account Lock (explicit or automatic lock for a certain amount of
> time
> >>> after a number of wrong credentials - on Syncope and resources**)
> >>>
> >>> Already available. Configurable by an account policy.
> >>>
> >>>> - Events/Notifications for account/password expiration,
> >>> account/password expired, account locked
> >>>
> >>> Not yet available (explicitly, at least). This feature could be
> >>> implemented by scheduling an ad-hoc SchedTask.
> >>>
> >>> Best regards,
> >>> F.
> >>>
> >>>> WDYT?
> >>>>
> >>>> Best regards.
> >>>> Denis.
> >>>>
> >>>> ** these features needs an enhanced connector that support it.
> >>>>
> >>>> [1] - https://cwiki.apache.org/confluence/display/SYNCOPE/Roadmap
> >
> >
> > --
> > Francesco Chicchiriccò
> >
> > ASF Member, Apache Syncope PMC chair, Apache Cocoon PMC Member
> > http://people.apache.org/~ilgrosso/
> >
Re: R: Password and account expiration features
Posted by Fabio Martelli <fa...@gmail.com>.
Il giorno 13/mar/2013, alle ore 09.09, Francesco Chicchiriccò ha scritto:
> On 12/03/2013 16:00, Denis Signoretto wrote:
>> Hi Fabio,
>>
>> Thanks for your response.
>> Do you think it could be useful open an issue on Jira for these features? (if yes a can do it).
>>
>> I take a quick look to SampleJob and AbstractTaskJob classes.
>> I think it could be useful allow a scheduled task to have configuration parameters.
>> I guess it's possible to define and read global configuration parameters within a SchedTask.
>>
>> What do you think about possibility to enhance SchedTask to define and store it's own configuration parameters?
>
> Hi Denis,
> you can define in any class extending AbstractTaskJob (as SampleJob for example) the field
>
> @Autowired
> private ConfDAO confDAO;
>
> and then access (read / write) any configuration parameter that you can also manage from the admin console, under the "Configuration -> Parameters".
>
> Is this what you are looking for?
Hi Denis, I agree with Francesco: it should be better to use the global configuration parameters.
From my PPOV the proposed SchedTask enhancement would require an big effort not so justified.
Best regards,
F.
>
> Regards.
>
>>> -----Messaggio originale-----
>>> Da: Fabio Martelli [mailto:fabio.martelli@gmail.com]
>>> Inviato: lunedì 11 marzo 2013 13:10
>>> A: dev@syncope.apache.org
>>> Oggetto: Re: Password and account expiration features
>>>
>>>
>>> Il giorno 11/mar/2013, alle ore 12.50, Denis Signoretto ha scritto:
>>>
>>>> Hi Syncopers,
>>>>
>>>> I'm currently using Syncope 1.0.6 and I've just checked on Syncope
>>> roadmap [1].
>>>> The following features doesn't seams available or already included in the
>>> roadmap (am I wrong) ?
>>>>
>>>> - Account Expiration (disable user on all resources that support
>>> enable/disable or change the password on resources that doesn't support it)
>>>
>>> Not yet available (explicitly, at least). This feature could be implemented by
>>> scheduling an ad-hoc SchedTask.
>>>
>>>> - Password Expiration/Expired (force password change - on Syncope
>>> and resources**)
>>>
>>> Not yet available (explicitly, at least). This feature could be implemented by
>>> scheduling an ad-hoc SchedTask.
>>>
>>>> - Grace Period: number of logins (or period) allowed after password
>>> expiration (on Syncope and resources**)
>>>
>>> Not yet available (explicitly, at least). This feature could be implemented by
>>> scheduling an ad-hoc SchedTask.
>>>
>>>> - Account Lock (explicit or automatic lock for a certain amount of time
>>> after a number of wrong credentials - on Syncope and resources**)
>>>
>>> Already available. Configurable by an account policy.
>>>
>>>> - Events/Notifications for account/password expiration,
>>> account/password expired, account locked
>>>
>>> Not yet available (explicitly, at least). This feature could be implemented by
>>> scheduling an ad-hoc SchedTask.
>>>
>>> Best regards,
>>> F.
>>>
>>>> WDYT?
>>>>
>>>> Best regards.
>>>> Denis.
>>>>
>>>> ** these features needs an enhanced connector that support it.
>>>>
>>>> [1] - https://cwiki.apache.org/confluence/display/SYNCOPE/Roadmap
>
>
> --
> Francesco Chicchiriccò
>
> ASF Member, Apache Syncope PMC chair, Apache Cocoon PMC Member
> http://people.apache.org/~ilgrosso/
>
Re: R: Password and account expiration features
Posted by Francesco Chicchiriccò <il...@apache.org>.
On 12/03/2013 16:00, Denis Signoretto wrote:
> Hi Fabio,
>
> Thanks for your response.
> Do you think it could be useful open an issue on Jira for these features? (if yes a can do it).
>
> I take a quick look to SampleJob and AbstractTaskJob classes.
> I think it could be useful allow a scheduled task to have configuration parameters.
> I guess it's possible to define and read global configuration parameters within a SchedTask.
>
> What do you think about possibility to enhance SchedTask to define and store it's own configuration parameters?
Hi Denis,
you can define in any class extending AbstractTaskJob (as SampleJob for
example) the field
@Autowired
private ConfDAO confDAO;
and then access (read / write) any configuration parameter that you can
also manage from the admin console, under the "Configuration -> Parameters".
Is this what you are looking for?
Regards.
>> -----Messaggio originale-----
>> Da: Fabio Martelli [mailto:fabio.martelli@gmail.com]
>> Inviato: lunedì 11 marzo 2013 13:10
>> A: dev@syncope.apache.org
>> Oggetto: Re: Password and account expiration features
>>
>>
>> Il giorno 11/mar/2013, alle ore 12.50, Denis Signoretto ha scritto:
>>
>>> Hi Syncopers,
>>>
>>> I'm currently using Syncope 1.0.6 and I've just checked on Syncope
>> roadmap [1].
>>> The following features doesn't seams available or already included in the
>> roadmap (am I wrong) ?
>>>
>>> - Account Expiration (disable user on all resources that support
>> enable/disable or change the password on resources that doesn't support it)
>>
>> Not yet available (explicitly, at least). This feature could be implemented by
>> scheduling an ad-hoc SchedTask.
>>
>>> - Password Expiration/Expired (force password change - on Syncope
>> and resources**)
>>
>> Not yet available (explicitly, at least). This feature could be implemented by
>> scheduling an ad-hoc SchedTask.
>>
>>> - Grace Period: number of logins (or period) allowed after password
>> expiration (on Syncope and resources**)
>>
>> Not yet available (explicitly, at least). This feature could be implemented by
>> scheduling an ad-hoc SchedTask.
>>
>>> - Account Lock (explicit or automatic lock for a certain amount of time
>> after a number of wrong credentials - on Syncope and resources**)
>>
>> Already available. Configurable by an account policy.
>>
>>> - Events/Notifications for account/password expiration,
>> account/password expired, account locked
>>
>> Not yet available (explicitly, at least). This feature could be implemented by
>> scheduling an ad-hoc SchedTask.
>>
>> Best regards,
>> F.
>>
>>> WDYT?
>>>
>>> Best regards.
>>> Denis.
>>>
>>> ** these features needs an enhanced connector that support it.
>>>
>>> [1] - https://cwiki.apache.org/confluence/display/SYNCOPE/Roadmap
--
Francesco Chicchiriccò
ASF Member, Apache Syncope PMC chair, Apache Cocoon PMC Member
http://people.apache.org/~ilgrosso/
R: Password and account expiration features
Posted by Denis Signoretto <de...@intesys.it>.
Hi Fabio,
Thanks for your response.
Do you think it could be useful open an issue on Jira for these features? (if yes a can do it).
I take a quick look to SampleJob and AbstractTaskJob classes.
I think it could be useful allow a scheduled task to have configuration parameters.
I guess it's possible to define and read global configuration parameters within a SchedTask.
What do you think about possibility to enhance SchedTask to define and store it's own configuration parameters?
Best Regards,
Denis.
> -----Messaggio originale-----
> Da: Fabio Martelli [mailto:fabio.martelli@gmail.com]
> Inviato: lunedì 11 marzo 2013 13:10
> A: dev@syncope.apache.org
> Oggetto: Re: Password and account expiration features
>
>
> Il giorno 11/mar/2013, alle ore 12.50, Denis Signoretto ha scritto:
>
> > Hi Syncopers,
> >
> > I'm currently using Syncope 1.0.6 and I've just checked on Syncope
> roadmap [1].
> > The following features doesn't seams available or already included in the
> roadmap (am I wrong) ?
> >
> >
> > - Account Expiration (disable user on all resources that support
> enable/disable or change the password on resources that doesn't support it)
>
> Not yet available (explicitly, at least). This feature could be implemented by
> scheduling an ad-hoc SchedTask.
>
> > - Password Expiration/Expired (force password change - on Syncope
> and resources**)
>
> Not yet available (explicitly, at least). This feature could be implemented by
> scheduling an ad-hoc SchedTask.
>
> > - Grace Period: number of logins (or period) allowed after password
> expiration (on Syncope and resources**)
>
> Not yet available (explicitly, at least). This feature could be implemented by
> scheduling an ad-hoc SchedTask.
>
> > - Account Lock (explicit or automatic lock for a certain amount of time
> after a number of wrong credentials - on Syncope and resources**)
>
> Already available. Configurable by an account policy.
>
> > - Events/Notifications for account/password expiration,
> account/password expired, account locked
>
> Not yet available (explicitly, at least). This feature could be implemented by
> scheduling an ad-hoc SchedTask.
>
> Best regards,
> F.
>
> > WDYT?
> >
> > Best regards.
> > Denis.
> >
> > ** these features needs an enhanced connector that support it.
> >
> > [1] - https://cwiki.apache.org/confluence/display/SYNCOPE/Roadmap
Re: Password and account expiration features
Posted by Fabio Martelli <fa...@gmail.com>.
Il giorno 11/mar/2013, alle ore 12.50, Denis Signoretto ha scritto:
> Hi Syncopers,
>
> I'm currently using Syncope 1.0.6 and I've just checked on Syncope roadmap [1].
> The following features doesn't seams available or already included in the roadmap (am I wrong) ?
>
>
> - Account Expiration (disable user on all resources that support enable/disable or change the password on resources that doesn't support it)
Not yet available (explicitly, at least). This feature could be implemented by scheduling an ad-hoc SchedTask.
> - Password Expiration/Expired (force password change - on Syncope and resources**)
Not yet available (explicitly, at least). This feature could be implemented by scheduling an ad-hoc SchedTask.
> - Grace Period: number of logins (or period) allowed after password expiration (on Syncope and resources**)
Not yet available (explicitly, at least). This feature could be implemented by scheduling an ad-hoc SchedTask.
> - Account Lock (explicit or automatic lock for a certain amount of time after a number of wrong credentials - on Syncope and resources**)
Already available. Configurable by an account policy.
> - Events/Notifications for account/password expiration, account/password expired, account locked
Not yet available (explicitly, at least). This feature could be implemented by scheduling an ad-hoc SchedTask.
Best regards,
F.
> WDYT?
>
> Best regards.
> Denis.
>
> ** these features needs an enhanced connector that support it.
>
> [1] - https://cwiki.apache.org/confluence/display/SYNCOPE/Roadmap