[jira] [Comment Edited] (SYNCOPE-136) Password required for resource subscription

[JIRA]

    [ 
https://issues.apache.org/jira/browse/SYNCOPE-136?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13568641#comment-13568641
 ] 

Francesco Chicchiriccò edited comment on SYNCOPE-136 at 2/1/13 10:50 AM:
-------------------------------------------------------------------------

What I am going to implement:

If password is not provided during resource subscription (e.g. when create() is 
performed on the underlying connector):
 * if AES is configured for user passwords, decrypt and use
 * if the propagating resource is configured for random password generation, 
generate using PasswordGenerator from SYNCOPE-121 and use
 * if none of the above, raise exception (as currently doing)
                
      was (Author: ilgrosso):
    What I am going to implement:

If password is not provided during resource subscription (e.g. when create() is 
performed on the underlying connector):
 * if AES is configured for user passwords, decrypt and use
 * if the propagating resource is configured for random password generation, 
generate using PasswordGenerator from SYNCOPE-121 and use
 * if none of the above, raise exception (as currently doing)

Additionally, for SyncTask, behind the current possibility to specify a JEXL 
expression for user template's password (to be used when creating users upon 
synchronization), random password generation will be also available as 
configuration option.
                  
> Password required for resource subscription
> -------------------------------------------
>
>                 Key: SYNCOPE-136
>                 URL: https://issues.apache.org/jira/browse/SYNCOPE-136
>             Project: Syncope
>          Issue Type: Improvement
>            Reporter: Francesco Chicchiriccò
>            Assignee: Francesco Chicchiriccò
>             Fix For: 1.1.0
>
>
> Currently, cleartext password is always required when subscribing to a new 
> external resource.
> However, in some cases (for example when passwords are stored with some 
> symmetric algorithm) this can be avoided.
> For example, it could be:
> Case 1: 2-way (a.k.a. symmetric) password cipher algorithm is configured in 
> Syncope
> Use decrypted password from SyncopeUser to subscribe new resource.
> Case 2: 1-way (a.k.a. hash or asymmetric) password cipher algorithm is 
> configured in Syncope and no clear-text password is available (for example, 
> passed via UserMod or provided by a synchronizing resource)
> Provide, on a resource-basis, a mean to configure how new password should be 
> generated:
>  * constant
>  * random password generation (compliant with resource password policy, if 
> present - see SYNCOPE-121)
>  * provide custom Java class
> Discussion thread: 
> http://syncope-dev.1063484.n5.nabble.com/new-password-issue-td5589622.html

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira