Colm O hEigeartaigh created SYNCOPE-313:
-------------------------------------------
Summary: Support synchronizing non-cleartext passwords from
external resources
Key: SYNCOPE-313
URL: https://issues.apache.org/jira/browse/SYNCOPE-313
Project: Syncope
Issue Type: Improvement
Reporter: Colm O hEigeartaigh
Assignee: Colm O hEigeartaigh
Currently we can synchronize cleartext passwords from external resources.
However, we can't handle non-cleartext passwords, as they get treated as if
they are plaintext passwords when imported into Syncope, and hence hashed again
according to user.cipherAlgorithm().
This task is to treat an imported password as hashed according to a give cipher
algorithm configured on the connector (for example via 'Password Cipher
Algorithm' for the DB Connector).
This is specific to each individual connector, as for example for the DB
Connector, it might just be a hashed value stored in a table, whereas for LDAP
it'll be of the form "CIPHER}VALUE" etc.
Note that we we cannot refer to any specific connector bundle from inside the
SyncopeSyncResultHandler, hence we should find the cleanest place to
encapsulate the following logic:
if (password.isClearText()) {
// do as currently done
} else {
if (connector.isLDAP()) {
// extract cipher and value
} else if (connector.isDBTable()) {
// treat value as ciphered with the cipher defined in connector configuration
} else {
...
}
}
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
