You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@syncope.apache.org by Ravindra Singareddy <si...@hotmail.com> on 2017/02/14 13:48:13 UTC
Using email as authentication in addition to user name
Good Morning Syncope Users,
I have a simple use case of authenticating users using email in addition to the username. What will be best practices approach, to make an addition to existing code base without losing integrity?
Your help in this regard is greatly appreciated.
Thanks
Ravi
Re: Using email as authentication in addition to user name
Posted by Ravindra Singareddy <si...@hotmail.com>.
Hi Francesco,
1) Created (SYNCOPE-1015) User Authentication using email
2) created a project from maven archetype.
3) Modified source code as per instructions, as reference [3]
4) Did testing using RESTFul API and from syncope enduser GUI, both of them failed.
Analysis of Failure:
4) Search based on user email worked and password is authenticated successfully for email.
5) The authentication method is returning true.
6) After successful authentication client calls self method
Pair<Map<String, Set<String>>, UserTO> self = client.self();
7) Client self, in turn, calls createServiceInstance method of RestClientFactoryBean and which is throwing error.
Thanks
Ravi
________________________________
From: Francesco Chicchiriccò <il...@apache.org>
Sent: Tuesday, February 14, 2017 8:10 PM
To: dev@syncope.apache.org
Subject: Re: Using email as authentication in addition to user name
On 14/02/2017 14:48, Ravindra Singareddy wrote:
> Good Morning Syncope Users,
>
> I have a simple use case of authenticating users using email in addition to the username. What will be best practices approach, to make an addition to existing code base without losing integrity?
Hi Ravi,
there is currently no OOTB support for authenticating users by anything
but username.
This looks, however, like a nice feature: one can think to add a new
configuration parameter [1] enlisting the attribute(s) that can be used
for authentication (for example, ["username", "email",
"socialSecurityNumber"]), and Syncope will attempt authentication
against the configured parameters, in order, until one succeeds or all fail.
Would you mind opening a new feature issue on JIRA?
The code responsible for the current behavior is [2].
Until the new feature will be added, you might also have the possibility
to do something similar, even if it is not trivial.
Essentially, you will need to, in your own local project (please note
that I am not talking of Syncope sources, but of the project you should
have generated from archetype):
1. create the directory
core/spring/src/main/java/org/apache/syncope/core/spring/security
2. download the class of [2] and place it in the directory created above
3. replace the line [2] with the logic for authenticating via email
address, that I have sketched in [3]
This *should* work, even though I have no time right now to give it a try.
HTH
Regards.
[1]
https://syncope.apache.org/docs/reference-guide.html#configuration-parameters
Apache Syncope 2.0.1 - Reference Guide<https://syncope.apache.org/docs/reference-guide.html#configuration-parameters>
syncope.apache.org
This reference guide covers Apache Syncope services for identity management, provisioning, and compliance.
[2]
https://github.com/apache/syncope/blob/2_0_X/core/spring/src/main/java/org/apache/syncope/core/spring/security/AuthDataAccessor.java#L133
syncope/AuthDataAccessor.java at 2_0_X · apache/syncope · GitHub<https://github.com/apache/syncope/blob/2_0_X/core/spring/src/main/java/org/apache/syncope/core/spring/security/AuthDataAccessor.java#L133>
github.com
syncope - Mirror of Apache Syncope
[3] https://paste.apache.org/iodX
--
Francesco Chicchiriccò
Tirasa - Open Source Excellence
http://www.tirasa.net/
Tirasa - Open Source Excellence<http://www.tirasa.net/>
www.tirasa.net
University of Porto opts for Tirasa and Apache Syncope. Benchmark institution for Higher Education and Scientific Research in Portugal goes for Open Source Identity ...
Member at The Apache Software Foundation
Syncope, Cocoon, Olingo, CXF, OpenJPA, PonyMail
http://home.apache.org/~ilgrosso/
Francesco Chicchiriccò / The Apache Software Foundation<http://home.apache.org/~ilgrosso/>
home.apache.org
About me. My name is Francesco Chicchiriccò, and my surname has been a tricky challenge since I was born in 1977, every time I had to get in touch with any public ...
Re: Using email as authentication in addition to user name
Posted by Francesco Chicchiriccò <il...@apache.org>.
On 14/02/2017 14:48, Ravindra Singareddy wrote:
> Good Morning Syncope Users,
>
> I have a simple use case of authenticating users using email in addition to the username. What will be best practices approach, to make an addition to existing code base without losing integrity?
Hi Ravi,
there is currently no OOTB support for authenticating users by anything
but username.
This looks, however, like a nice feature: one can think to add a new
configuration parameter [1] enlisting the attribute(s) that can be used
for authentication (for example, ["username", "email",
"socialSecurityNumber"]), and Syncope will attempt authentication
against the configured parameters, in order, until one succeeds or all fail.
Would you mind opening a new feature issue on JIRA?
The code responsible for the current behavior is [2].
Until the new feature will be added, you might also have the possibility
to do something similar, even if it is not trivial.
Essentially, you will need to, in your own local project (please note
that I am not talking of Syncope sources, but of the project you should
have generated from archetype):
1. create the directory
core/spring/src/main/java/org/apache/syncope/core/spring/security
2. download the class of [2] and place it in the directory created above
3. replace the line [2] with the logic for authenticating via email
address, that I have sketched in [3]
This *should* work, even though I have no time right now to give it a try.
HTH
Regards.
[1]
https://syncope.apache.org/docs/reference-guide.html#configuration-parameters
[2]
https://github.com/apache/syncope/blob/2_0_X/core/spring/src/main/java/org/apache/syncope/core/spring/security/AuthDataAccessor.java#L133
[3] https://paste.apache.org/iodX
--
Francesco Chicchiricc�
Tirasa - Open Source Excellence
http://www.tirasa.net/
Member at The Apache Software Foundation
Syncope, Cocoon, Olingo, CXF, OpenJPA, PonyMail
http://home.apache.org/~ilgrosso/