Re: Timing differences in pull and push tasks
Hi Lynn, please read in line. Il 29/07/19 23:58, lfinch ha scritto: Hello - I'm running a 2.1.2 implementation and have 9 plain schema defined. I'm using CSVDIR as connector. Pull task is set to full recon, matching=update, unmatching = provision (create/update/sync). Push task is also matching=update, unmatching = provision (create/update/sync). I'm using the same connector and external resource for push and pull. No fancy mapping. All very vanilla. Here are my questions. The pull processes about 160 records per minute, about 25-26 at a time. The push processes about 32 records per minute, 5 at a time. 1) We need to improve speed overall. Our initial production load will be 200K. Any suggestions on where we can tweak for higher throughput? For production like yours and in general for increase performance I can suggest you to not use the CSVDIR as a connector. This connector is not the best one in order to have a performing environment. 2) Why is there such a different in pull and push task performance? There is a performance gap between the pull and the push simply because the pull is more complex than the push: during the pull there are matches to do with the Syncope internal entities. In order to improve speed overall, are you already using PostgreSQL as a DBMS? Using PostreSQL + JSON can, for sure, increase the performance like you can see here [1]. You can find a reference in [2] about PostgreSQL and JSONB. Thanks! Lynn -- Sent from: http://syncope-user.1051894.n5.nabble.com/ [1] https://www.tirasa.net/blog/benchmarking-apache-syncope-on-postgresql [2] https://syncope.apache.org/docs/2.1/reference-guide.html#postgresql-jsonb Best regards, -- Dott. Lorenzo Di Cola Software Engineer @ Tirasa S.r.l. Viale Vittoria Colonna, 97 - 65127 Pescara Tel +39 0859116307 / FAX +39 085973 http://www.tirasa.net Apache Syncope Committer http://people.apache.org/phonebook.html?uid=loredicola
Re: Timing differences in pull and push tasks
Hi Lynn, Il 31/07/19 17:05, lfinch ha scritto: Hi, Lorenzo! Some follow up questions. and in general for increase performance I can suggest you to not use the CSVDIR as a connector. This connector is not the best one in order to have a performing environment What do you recommend? (It would be nice if we could produce output in XML) If you want to produce an XML as an output for sure you have to translate the output of the connector in XML because there is none connector that produce output in XML. If you are using CSVDIR connector I think that now you are translating the output from CSV to XML, am I right? There is a performance gap between the pull and the push simply because the pull is more complex than the push That makes sense, but our pull is running at approximately 160 records per minute and the push is running about 30 records per minute. I would've expected the push to be quicker as well. In this case I think that the cause of your delay is the CSVDIR connector: the push is running 30 records per minute (less than the pull) because you are/writing to file with this connector. For this reason too I suggest you to not use the CSVDIR connector. An example of connector that I think can help you is the Scripted SQL one. If you are using CSV maybe you can translate all your data in a database instance (some utilities can help you) and so have a connector that do not read/write from a file but from a database./ // <https://context.reverso.net/traduzione/inglese-italiano/Writing+to+file> In order to improve speed overall, are you already using PostgreSQL as a DBMS? We are using MySQL, it's a company standard. Thank you! Lynn -- Sent from: http://syncope-user.1051894.n5.nabble.com/ Best regards, -- Dott. Lorenzo Di Cola Software Engineer @ Tirasa S.r.l. Viale Vittoria Colonna, 97 - 65127 Pescara Tel +39 0859116307 / FAX +39 085973 http://www.tirasa.net Apache Syncope Committer http://people.apache.org/phonebook.html?uid=loredicola
Re: Syncope Account Creation Notifications
Hi Mike, please read inline. Il 24/06/20 14:21, PortalGuard ha scritto: Hello Everyone, Currently, I have syncope configured to send an email to the end user whenever an account is created. Unfortunately the returned password is encrypted with AES, which is rather useless to the user. I have read in the Reference Guide that the cleartext password is available 'on-demand' if we are using AES encryption. See 3.2.1 of the Reference Guide. http://syncope.apache.org/docs/reference-guide.html#type-management Does anyone know of a way to decrypt the AES password and send the cleartext password to the enduser? first of all I would say that sending cleartext password in e-mails is definitely a security bad practice. Sending notification with the cleartext password is not a default setting in Syncope (exactly because of what I just said about best practice). Doing that I think you should create a custom notification where you can: decrypt the password, set the result cleartext password in a variable and so, finally, you can have the desired password. Of course you have to create the custom notification template where you'll get this new variable. An example to how decode AES password is here [1]. Thank you, Mike -- Sent from: http://syncope-user.1051894.n5.nabble.com/ HTH Best regards, Lorenzo [1] https://github.com/apache/syncope/blob/2_1_X/core/spring/src/test/java/org/apache/syncope/core/spring/security/EncryptorTest.java#L55 -- Dott. Lorenzo Di Cola Software Engineer @ Tirasa S.r.l. Viale Vittoria Colonna, 97 - 65127 Pescara Tel +39 0859116307 / FAX +39 085973 http://www.tirasa.net Apache Syncope Committer http://people.apache.org/phonebook.html?uid=loredicola
Re: SCIM assistance
Hello Jeff, nice to hear your interest in Apache Syncope, I hope you're working with 3.0.X version. If I understand correctly you want to *pull *[1] users from SCIM resource. In order to do that, you have to configure in *Topology* section [2] your SCIM *Connector* [3] and *Resource* [4] as well. Once all is configured well and in your *mapping *[5] you'll have all the external attributes mapped with your internal one you should be able to pull from your SCIM resource and so import users in Syncope. HTH, Best Regards, Lorenzo [1] https://syncope.apache.org/docs/reference-guide.html#policies-pull [2] https://syncope.apache.org/docs/reference-guide.html#pages [3] https://syncope.apache.org/docs/reference-guide.html#connector-bundles [4] https://syncope.apache.org/docs/reference-guide.html#external-resource-details [5] https://syncope.apache.org/docs/reference-guide.html#mapping Il giorno mer 15 mar 2023 alle ore 00:21 Jeff Davis ha scritto: > Hi, > > I downloaded the Standalone version of Syncope, and it appears to be > running fine via the syncope-console. However, I would like to issue SCIM > requests to bring back a list of users etc. It’s really unclear to me where > to begin with that? What is the endpoint I should use, and how should I > authenticate my requests (I can use the same authentication guidelines as > shown for the REST requests). > > If there were a few CURL examples I could follow, that would be awesome. > > Jeff > -- > > > The information contained in this e-mail may be confidential. It has been > sent for the sole use of the intended recipient(s). If the reader of this > message is not an intended recipient, you are hereby notified that any > unauthorized review, use, disclosure, dissemination, distribution or > copying of this communication, or any of its contents, is strictly > prohibited. If you have received it by mistake please let us know by > e-mail > immediately and delete it from your system. Many thanks. > > > > La información > contenida en este mensaje puede ser confidencial. Ha sido enviada para el > uso exclusivo del destinatario(s) previsto. Si el lector de este mensaje > no > fuera el destinatario previsto, por el presente queda Ud. notificado que > cualquier lectura, uso, publicación, diseminación, distribución o copiado > de esta comunicación o su contenido está estrictamente prohibido. En caso > de que Ud. hubiera recibido este mensaje por error le agradeceremos > notificarnos por e-mail inmediatamente y eliminarlo de su sistema. Muchas > gracias. > > -- -- Lorenzo Di Cola Software Engineer @ Tirasa S.r.l. Viale Vittoria Colonna, 97 - 65127 Pescara Tel +39 0859116307 / FAX +39 085973http://www.tirasa.net Apache Syncope Committerhttp://people.apache.org/phonebook.html?uid=loredicola
Re: AD Connector - assign group on different OU
Hi Fabio, I'm glad to hear your interest in Apache Syncope. If you want to propagate with some custom logic, in general, you should create your custom ProgatationActions, so implementing PropagationActions class [1]. Here you can create your custom logic and so propagate informations based on it and then you are able to propagate in different OU too. If can help, you can take a look at this [2], it's an example of custom PropagationActions. HTH, Best regards, Lorenzo [1] https://github.com/apache/syncope/blob/syncope-2.1.10/core/provisioning-api/src/main/java/org/apache/syncope/core/provisioning/api/propagation/PropagationActions.java [2] https://github.com/apache/syncope/blob/syncope-2.1.10/core/provisioning-java/src/main/java/org/apache/syncope/core/provisioning/java/propagation/LDAPMembershipPropagationActions.java Il giorno gio 13 apr 2023 alle ore 11:06 Fabio Contessi < f.conte...@gmail.com> ha scritto: > Hi everyone, > I'm using Apache Syncope 2.1.10 and I have a problem with the assigment of > the Active Directory Groups. > > The problem is that on the AD the groups are on different OU, for example: > - CN=Group1,OU=ou1,DC=domain,DC=local > - CN=Group2,OU=ou2,DC=domain,DC=local > > In the provinsioning rules of the connector if I configure one of the OU > in the Object Link only the groups in that OU will be assigne. > If I remove the Object Link no groups will be assign. > > Is there a solution for my case? > > Thanks > best reguards > > Fabio Contessi > -- -- Lorenzo Di Cola Software Engineer @ Tirasa S.r.l. Viale Vittoria Colonna, 97 - 65127 Pescara Tel +39 0859116307 / FAX +39 085973http://www.tirasa.net Apache Syncope Committerhttp://people.apache.org/phonebook.html?uid=loredicola
Re: Set admin password through variable
Hello Michele,
I'm glad about your interest in Apache Syncope!
In Syncope, Admin credential, as per documentation [1], is set into a
property file, in core.properties exactly.
If you want to use an environment variable, I think you can use the Spring
Boot configuration for environment variables inside property file.
Something like:
security.adminPassword=${MYPROP}
so set it into docker-compose as environment.
[1]
https://syncope.apache.org/docs/reference-guide.html#set-admin-credentials
HTH,
Best regards,
Il giorno gio 1 giu 2023 alle ore 15:19 Michele Andreoli <
michi.andre...@gmail.com> ha scritto:
> Hi!
>
> Is there a way to set the superadmin password of Syncope 3 without
> recompiling the source code?
>
> For example an env variable (that I can put into a docker-compose).
> Actually I don't find any way except changing the password inside the
> pom.xml of the source code.
>
> Thank you.
>
> --
> *Michele Andreoli*
>
--
--
Lorenzo Di Cola
Software Engineer @ Tirasa S.r.l.
Viale Vittoria Colonna, 97 - 65127 Pescara
Tel +39 0859116307 / FAX +39 085973http://www.tirasa.net
Apache Syncope Committer
Syncope PMC Member at The Apache Software Foundation
http://people.apache.org/phonebook.html?uid=loredicola
Re: Newbie question
Hi Rajesh, I'm glad for your interest in Apache Syncope. First of all I'm hoping you're running it on linux :) I'm assuming it for this response. Let's assume you want to start the standalone configuration so you're following documentation [1]. After downloaded the standalone configuration, started the tomcat you'll have Core at [2] and Console at [3]. As per provided informations I can see you're setup some keystore for SSL I think, but you're calling services in HTTP. Maybe you're mixing something. FYI you can start Apache Syncope in embedded mode too [4]. This solution could be easier if you want to code with it. I'll need to create your project with maven following [5] and so start it following [4]. [1] https://syncope.apache.org/docs/3.0/getting-started.html#standalone [2] http://localhost:9080/syncope/ [3] http://localhost:9080/syncope-console/ [4] https://syncope.apache.org/docs/3.0/getting-started.html#embedded-mode [5] https://syncope.apache.org/docs/3.0/getting-started.html#maven-project HTH Best regards, Lorenzo Il giorno dom 18 feb 2024 alle ore 20:50 Rajesh Kanade ha scritto: > Hi syncope users, > > I am newbie to syncope and trying to install it so I can play with it. > > After syncope standalone or docker installation , I can successfully see > the page > http://localhost:18080/syncope/ page . > > As next step if I try to go to syncope-console page by accessing > http://localhost:28080/syncope-console/, I always see this error > Whitelabel Error Page > > This application has no explicit mapping for /error, so you are seeing > this as a fallback. > Sun Feb 18 19:10:45 UTC 2024 > There was an unexpected error (type=Internal Server Error, status=500). > > I also see following errors on the console > java.util.concurrent.CompletionException: > javax.ws.rs.ProcessingException: javax.net.ssl.SSLException: Unrecognized > SSL message, plaintext connection? > syncope-console-1 |at > java.base/java.util.concurrent.CompletableFuture.encodeThrowable(CompletableFuture.java:315) > syncope-console-1 |at > java.base/java.util.concurrent.CompletableFuture.completeThrowable(CompletableFuture.java:320) > syncope-console-1 |at > java.base/java.util.concurrent.CompletableFuture$AsyncSupply.run(CompletableFuture.java:1770) > syncope-console-1 |at > java.base/java.util.concurrent.CompletableFuture$AsyncSupply.exec(CompletableFuture.java:1760) > syncope-console-1 |at > java.base/java.util.concurrent.ForkJoinTask.doExec(ForkJoinTask.java:373) > syncope-console-1 |at > java.base/java.util.concurrent.ForkJoinPool$WorkQueue.topLevelExec(ForkJoinPool.java:1182) > syncope-console-1 |at > java.base/java.util.concurrent.ForkJoinPool.scan(ForkJoinPool.java:1655) > syncope-console-1 |at > java.base/java.util.concurrent.ForkJoinPool.runWorker(ForkJoinPool.java:1622) > syncope-console-1 |at > java.base/java.util.concurrent.ForkJoinWorkerThread.run(ForkJoinWorkerThread.java:165) > > It appears that something is missing on keystore / certificate side but > not able to pinpoint. Any help will be highly appreciated > > Regards > Rajesh > -- -- Lorenzo Di Cola Software Engineer @ Tirasa S.r.l. Viale Vittoria Colonna, 97 - 65127 Pescara Tel +39 0859116307 / FAX +39 085973http://www.tirasa.net Apache Syncope Committer Syncope PMC Member at The Apache Software Foundation http://people.apache.org/phonebook.html?uid=loredicola
Re: CUSTOM events in Audit
Hi Linonel, yes, using PostgreSQL JSONB means you're storing audit on db, as you said about "auditentry" table. You can take care about AnySearchDAO bean, you should use the one of type PGJPAJSONAnySearchDAO in order to use PostgreSQL feature. HTH Lorenzo Il giorno lun 27 nov 2023 alle ore 09:25 Lionel SCHWARZ < lionel.schw...@in2p3.fr> ha scritto: > Hi Lorenzo, > From your answer below, should I understand that, using PostgreSQL on > Syncope3, audit events *should* be logged in the database? If yes, then > could you please point me to any possible misconfiguration? > Regards > Lionel > > - Le 23 Nov 23, à 9:39, Lionel SCHWARZ a > écrit : > > Hi Lorenzo, > Indeed I use latest Syncope 3. The DB is stored on PostgreSQL. Looking > into the table auditentry, I could not find any items related to my custom > event. > Did I forget to setup something? > > Regards > Lionel > > - Le 21 Nov 23, à 17:50, Lorenzo Di Cola a > écrit : > > Hi Lionel, > please take care about where you're storing audit events, take care if > you're using PostgreSQL, Elasticsearch or other data-storage. > If you're using Elasticsearch you need to specify the right bean > definition in order to write and read audit events. > Of course I'm assuming you're on Syncope 3 version. > > HTH, > Best regards, > > > -- -- Lorenzo Di Cola Software Engineer @ Tirasa S.r.l. Viale Vittoria Colonna, 97 - 65127 Pescara Tel +39 0859116307 / FAX +39 085973http://www.tirasa.net Apache Syncope Committer Syncope PMC Member at The Apache Software Foundation http://people.apache.org/phonebook.html?uid=loredicola
Re: CUSTOM events in Audit
Hi Lionel,
please take care about where you're storing audit events, take care if
you're using PostgreSQL, Elasticsearch or other data-storage.
If you're using Elasticsearch you need to specify the right bean definition
in order to write and read audit events.
Of course I'm assuming you're on Syncope 3 version.
HTH,
Best regards,
Il giorno mar 21 nov 2023 alle ore 14:50 Lionel SCHWARZ <
lionel.schw...@in2p3.fr> ha scritto:
> Hi all,
>
> I my custom code (in a flowable task) I trigger an event
> (notificationManager.createTasks()) declared as
> "[CUSTOM]:[]:[]:[rejectCreateAttach]:[SUCCESS]" and defined a mail
> notification on it. The notification works fine.
>
> As I want to audit this event I have enabled this event in the audit:
>
> {
> "key": "syncope.audit.[CUSTOM]:[]:[]:[rejectCreateAttach]:[SUCCESS]",
> "active": true
> }
>
> But I cannot find any entries in audit:
>
> GET '/audit/entries?type=CUSTOM'
> {
> "prev": null,
> "next": null,
> "result": [],
> "page": 1,
> "size": 0,
> "totalCount": 0
> }
>
> Am I missing something?
>
> Cheers
> Lionel
--
--
Lorenzo Di Cola
Software Engineer @ Tirasa S.r.l.
Viale Vittoria Colonna, 97 - 65127 Pescara
Tel +39 0859116307 / FAX +39 085973http://www.tirasa.net
Apache Syncope Committer
Syncope PMC Member at The Apache Software Foundation
http://people.apache.org/phonebook.html?uid=loredicola
