[ https://issues.apache.org/jira/browse/SYNCOPE-505?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14033918#comment-14033918 ]

Colm O hEigeartaigh commented on SYNCOPE-505:
---------------------------------------------

{quote}
We should find a way then to instruct the connector that the specific password 
value we are passing is already hashed: unfortunately, connector configuration 
properties are only evaluated when creating a connector instance, so they 
cannot be changed on-the-fly.
{quote}

Could we have a new (boolean) attribute (__HASHED_PASSWORD__) or something? 
Alternatively, we could use a predefined prefix/suffix on the _PASSWORD_. Any 
preferences?

{quote}
BTW, writing out the password only if SyncopeUser#getCipherAlgorithm matches 
the configured value for the DB Connector hash algorithm (e.g. the same logic 
of SYNCOPE-313) seems correct to me.
{quote}

Ok, sounds good. One query would be whether we should also follow this logic if 
the DB Connector has a CLEARTEXT value? I think we should, but want to verify 
it.

Colm.

> Support propagating non-cleartext passwords to external resources
> -----------------------------------------------------------------
>
>                 Key: SYNCOPE-505
>                 URL: https://issues.apache.org/jira/browse/SYNCOPE-505
>             Project: Syncope
>          Issue Type: Improvement
>          Components: core
>            Reporter: Francesco Chicchiriccò
>            Assignee: Colm O hEigeartaigh
>             Fix For: 1.2.0
>
>
> Similarly to SYNCOPE-313 during synchronization, it seems feasible to provide 
> some Propagation Actions classes (say {{DBPasswordPropagationActions}} and 
> {{LDAPPasswordPropagationActions}}) that will propagate non-cleartext password 
> values to external resources.
> This might require some changes in the related connector bundles.



--
This message was sent by Atlassian JIRA
(v6.2#6252)
