No password propagation after User creation.

classic Classic list List threaded Threaded
9 messages Options
Reply | Threaded
Open this post in threaded view
|

No password propagation after User creation.

HugoCerdeira
Hi,

I'm trying to propagate a User when creating it via rest services of the syncope-core, I'm able to create him successfully but I get this propagation error:

"propagationStatuses": [ 
  { 
     "beforeObj": null, 
     "afterObj": null, 
     "resource": "ofbizUsersPropagation", 
     "status": "FAILURE", 
     "failureReason": "Not attempted because there are mandatory attributes without value(s): [password]" 
} 

I'm sending the password on the rest services and the User is correctly created since I can log in using it.
I've tried turning return.password.value true/false but didn't make any difference, any tips?

Thanks,
Hugo Cerdeira.

Reply | Threaded
Open this post in threaded view
|

Re: No password propagation after User creation.

ilgrosso
Administrator
On 12/05/2017 11:31, Hugo Cerdeira wrote:
Hi,

I'm trying to propagate a User when creating it via rest services of the syncope-core, I'm able to create him successfully but I get this propagation error:

"propagationStatuses": [ 
  { 
     "beforeObj": null, 
     "afterObj": null, 
     "resource": "ofbizUsersPropagation", 
     "status": "FAILURE", 
     "failureReason": "Not attempted because there are mandatory attributes without value(s): [password]" 
} 

I'm sending the password on the rest services and the User is correctly created since I can log in using it.
I've tried turning return.password.value true/false but didn't make any difference, any tips?

What is the user mapping for that resource? Does it include password?
-- 
Francesco Chicchiriccò

Tirasa - Open Source Excellence
http://www.tirasa.net/

Member at The Apache Software Foundation
Syncope, Cocoon, Olingo, CXF, OpenJPA, PonyMail
http://home.apache.org/~ilgrosso/
Reply | Threaded
Open this post in threaded view
|

Re: No password propagation after User creation.

HugoCerdeira
yes, it does include the password: internal attribute=password; external attribute=password; mandatory = true

ilgrosso wrote
On 12/05/2017 11:31, Hugo Cerdeira wrote:
> Hi,
>
> I'm trying to propagate a User when creating it via rest services of
> the syncope-core, I'm able to create him successfully but I get this
> propagation error:
>
> "propagationStatuses": [
>   {
>      "beforeObj": null,
>      "afterObj": null,
>      "resource": "ofbizUsersPropagation",
>      "status": "FAILURE",
>      "failureReason": "Not attempted because there are mandatory
> attributes without value(s): [password]"
> }
>
> I'm sending the password on the rest services and the User is
> correctly created since I can log in using it.
> I've tried turning return.password.value true/false but didn't make
> any difference, any tips?

What is the user mapping for that resource? Does it include password?

--
Francesco Chicchiriccò

Tirasa - Open Source Excellence
http://www.tirasa.net/

Member at The Apache Software Foundation
Syncope, Cocoon, Olingo, CXF, OpenJPA, PonyMail
http://home.apache.org/~ilgrosso/
Reply | Threaded
Open this post in threaded view
|

Re: No password propagation after User creation.

ilgrosso
Administrator
On 12/05/2017 11:49, HugoCerdeira wrote:
> yes, it does include the password: internal attribute=password; external
> attribute=password; mandatory = true

Please provide more details about this mapping item: just read it via
REST and paste the JSON content (or a screenshot from Admin Console).
Regards.

> ilgrosso wrote
>> On 12/05/2017 11:31, Hugo Cerdeira wrote:
>>> Hi,
>>>
>>> I'm trying to propagate a User when creating it via rest services of
>>> the syncope-core, I'm able to create him successfully but I get this
>>> propagation error:
>>>
>>> "propagationStatuses": [
>>>    {
>>>       "beforeObj": null,
>>>       "afterObj": null,
>>>       "resource": "ofbizUsersPropagation",
>>>       "status": "FAILURE",
>>>       "failureReason": "Not attempted because there are mandatory
>>> attributes without value(s): [password]"
>>> }
>>>
>>> I'm sending the password on the rest services and the User is
>>> correctly created since I can log in using it.
>>> I've tried turning return.password.value true/false but didn't make
>>> any difference, any tips?
>> What is the user mapping for that resource? Does it include password?

--
Francesco Chicchiriccò

Tirasa - Open Source Excellence
http://www.tirasa.net/

Member at The Apache Software Foundation
Syncope, Cocoon, Olingo, CXF, OpenJPA, PonyMail
http://home.apache.org/~ilgrosso/

Reply | Threaded
Open this post in threaded view
|

Re: No password propagation after User creation.

HugoCerdeira
Here's the mapping:
"mapping": {
"connObjectLink": null,
"connObjectKeyItem": {
"key": "aea740be-78ea-4784-a740-be78ead784b3",
"intAttrName": "username",
"extAttrName": "userLoginId",
"connObjectKey": true,
"password": false,
"mandatoryCondition": "true",
"purpose": "PROPAGATION",
"propagationJEXLTransformer": null,
"pullJEXLTransformer": null,
"mappingItemTransformerClassNames": [],
},
"items": [
  {
"key": "aea740be-78ea-4784-a740-be78ead784b3",
"intAttrName": "username",
"extAttrName": "userLoginId",
"connObjectKey": true,
"password": false,
"mandatoryCondition": "true",
"purpose": "PROPAGATION",
"propagationJEXLTransformer": null,
"pullJEXLTransformer": null,
"mappingItemTransformerClassNames": [],
},
  {
"key": "644df499-7690-43c2-8df4-99769073c2c1",
"intAttrName": "email",
"extAttrName": "email",
"connObjectKey": false,
"password": false,
"mandatoryCondition": "false",
"purpose": "PROPAGATION",
"propagationJEXLTransformer": null,
"pullJEXLTransformer": null,
"mappingItemTransformerClassNames": [],
},
  {
"key": "d721e6e2-c9dd-4966-a1e6-e2c9dd0966ef",
"intAttrName": "password",
"extAttrName": "password",
"connObjectKey": false,
"password": false,
"mandatoryCondition": "true",
"purpose": "PROPAGATION",
"propagationJEXLTransformer": null,
"pullJEXLTransformer": null,
"mappingItemTransformerClassNames": [],
},
  {
"key": "c721a1de-2b14-4028-a1a1-de2b14502805",
"intAttrName": "username",
"extAttrName": "userLogin",
"connObjectKey": false,
"password": false,
"mandatoryCondition": "true",
"purpose": "PROPAGATION",
"propagationJEXLTransformer": "'{"userLoginId":"' + username + '","currentPassword":"' + password + '","currentPasswordVerify":"' + password + '"}'",
"pullJEXLTransformer": null,
"mappingItemTransformerClassNames": [],
}
],

note that im trying to get the password on the propagationJEXLTransformer as well
ilgrosso wrote
On 12/05/2017 11:49, HugoCerdeira wrote:
> yes, it does include the password: internal attribute=password; external
> attribute=password; mandatory = true

Please provide more details about this mapping item: just read it via
REST and paste the JSON content (or a screenshot from Admin Console).
Regards.

--
Francesco Chicchiriccò

Tirasa - Open Source Excellence
http://www.tirasa.net/

Member at The Apache Software Foundation
Syncope, Cocoon, Olingo, CXF, OpenJPA, PonyMail
http://home.apache.org/~ilgrosso/
Reply | Threaded
Open this post in threaded view
|

Re: No password propagation after User creation.

ilgrosso
Administrator
This mapping item is wrong:

>    {
> "key": "d721e6e2-c9dd-4966-a1e6-e2c9dd0966ef",
> "intAttrName": "password",
> "extAttrName": "password",
> "connObjectKey": false,
> "password": false,
> "mandatoryCondition": "true",
> "purpose": "PROPAGATION",
> "propagationJEXLTransformer": null,
> "pullJEXLTransformer": null,
> "mappingItemTransformerClassNames": [],
> },

It should have been instead something like as:

   {
"key": "d721e6e2-c9dd-4966-a1e6-e2c9dd0966ef",
"intAttrName": "password",
"extAttrName": "__PASSWORD__",
"connObjectKey": false,
"password": true,
"mandatoryCondition": "true",
"purpose": "PROPAGATION",
"propagationJEXLTransformer": null,
"pullJEXLTransformer": null,
"mappingItemTransformerClassNames": [],
},

Note the difference in extAttrName and password fields.

This kind of mapping item is generated via Admin Console when you flag
'Password'.
Regards.

--
Francesco Chicchiriccò

Tirasa - Open Source Excellence
http://www.tirasa.net/

Member at The Apache Software Foundation
Syncope, Cocoon, Olingo, CXF, OpenJPA, PonyMail
http://home.apache.org/~ilgrosso/

Reply | Threaded
Open this post in threaded view
|

Re: No password propagation after User creation.

HugoCerdeira
Thanks for the quick replies,
I now can access the "__PASSWORD__" attribute but it shows as "__PASSWORD__:[org.identityconnectors.common.security.GuardedString@5f7aa78b]"
how can i get the encrypted value to propagate

ilgrosso wrote
This mapping item is wrong:

>    {
> "key": "d721e6e2-c9dd-4966-a1e6-e2c9dd0966ef",
> "intAttrName": "password",
> "extAttrName": "password",
> "connObjectKey": false,
> "password": false,
> "mandatoryCondition": "true",
> "purpose": "PROPAGATION",
> "propagationJEXLTransformer": null,
> "pullJEXLTransformer": null,
> "mappingItemTransformerClassNames": [],
> },

It should have been instead something like as:

   {
"key": "d721e6e2-c9dd-4966-a1e6-e2c9dd0966ef",
"intAttrName": "password",
"extAttrName": "__PASSWORD__",
"connObjectKey": false,
"password": true,
"mandatoryCondition": "true",
"purpose": "PROPAGATION",
"propagationJEXLTransformer": null,
"pullJEXLTransformer": null,
"mappingItemTransformerClassNames": [],
},

Note the difference in extAttrName and password fields.

This kind of mapping item is generated via Admin Console when you flag
'Password'.
Regards.

--
Francesco Chicchiriccò

Tirasa - Open Source Excellence
http://www.tirasa.net/

Member at The Apache Software Foundation
Syncope, Cocoon, Olingo, CXF, OpenJPA, PonyMail
http://home.apache.org/~ilgrosso/
Reply | Threaded
Open this post in threaded view
|

Re: No password propagation after User creation.

ilgrosso
Administrator
On 12/05/2017 12:15, HugoCerdeira wrote:
> Thanks for the quick replies,
> I now can access the "__PASSWORD__" attribute but it shows as
> "__PASSWORD__:[org.identityconnectors.common.security.GuardedString@5f7aa78b]"
> how can i get the encrypted value to propagate


You should use

org.identityconnectors.common.security.SecurityUtil#decrypt [1]

to get the clean password value.

HTH
Regards.

[1]
http://connid.tirasa.net/apidocs/1.4/org/identityconnectors/common/security/SecurityUtil.html#decrypt(org.identityconnectors.common.security.GuardedString)

--
Francesco Chicchiriccò

Tirasa - Open Source Excellence
http://www.tirasa.net/

Member at The Apache Software Foundation
Syncope, Cocoon, Olingo, CXF, OpenJPA, PonyMail
http://home.apache.org/~ilgrosso/

Reply | Threaded
Open this post in threaded view
|

Re: No password propagation after User creation.

HugoCerdeira
Thanks for all your help, i manage to make it work using your suggestion, much appreciated.

Hugo Cerdeira.


---- On Fri, 12 May 2017 11:23:49 +0100 ilgrosso [via syncope-user] <[hidden email]> wrote ----

On 12/05/2017 12:15, HugoCerdeira wrote:
> Thanks for the quick replies,
> I now can access the "__PASSWORD__" attribute but it shows as
> "__PASSWORD__:[org.identityconnectors.common.security.GuardedString@5f7aa78b]"
> how can i get the encrypted value to propagate


You should use

org.identityconnectors.common.security.SecurityUtil#decrypt [1]

to get the clean password value.

HTH
Regards.

[1]

--
Francesco Chicchiriccò

Tirasa - Open Source Excellence

Member at The Apache Software Foundation
Syncope, Cocoon, Olingo, CXF, OpenJPA, PonyMail





If you reply to this email, your message will be added to the discussion below:
To unsubscribe from No password propagation after User creation., click here.