[ https://issues.apache.org/jira/browse/SYNCOPE-505?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14040896#comment-14040896 ]
Colm O hEigeartaigh commented on SYNCOPE-505:
---------------------------------------------
Hi Francesco,
I have this working for LDAP as well but wanted to validate my approach.
For the DB Connector we are sending an extra attribute over to tell the
Connector that the password is already hashed. For LDAP, we could do this as
well, but I implemented the "reverse" of the Sync Action. So if the configured
cipher algorithm of the user matches that of the LDAP Connector, it takes the
user password, "de-hexes" it + Base64 encodes it. It then writes out the same
type of value that it syncs, i.e. "{sha}XYZ...==".
The LDAP Connector needs a change to detect a password of this form "{" +
matching digest + "}" + "rest-of-password", and if so it simply stores the
received password "as is".
WDYT?
Colm.
> Support propagating non-cleartext passwords to external resources
> -----------------------------------------------------------------
>
> Key: SYNCOPE-505
> URL: https://issues.apache.org/jira/browse/SYNCOPE-505
> Project: Syncope
> Issue Type: Improvement
> Components: core
> Reporter: Francesco Chicchiriccò
> Assignee: Colm O hEigeartaigh
> Fix For: 1.2.0
>
>
> Similarly to SYNCOPE-313 during synchronization, it seems feasible to provide
> some Propagation Actions classes (say {{DBPasswordPropagationActions}} and
> {{LDAPPasswordPropagationActions}}) that will propagate non-cleartext password
> values to external resources.
> This might require some changes in the related connector bundles.
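The hex-to-"{sha}XYZ...==" conversion and the connector-side detection described in the comment above, sketched as an added example that is not code from Syncope or the LDAP connector bundle. The function names, the `DIGEST_LEN` table and the sample password are hypothetical, and the Base64 and digest-length validation is an assumption that goes beyond the plain prefix test the comment proposes.

```python
import base64
import binascii
import hashlib

# Raw digest sizes in bytes for the unsalted schemes handled here (assumption:
# only these two; salted schemes such as {ssha} also need the salt and are excluded).
DIGEST_LEN = {"sha": 20, "md5": 16}


def to_ldap_value(hex_digest, user_scheme, connector_scheme):
    """Propagation side: hex digest -> '{scheme}base64', or None on mismatch."""
    user_scheme = user_scheme.lower()
    if user_scheme != connector_scheme.lower() or user_scheme not in DIGEST_LEN:
        return None  # algorithms differ: the stored hash cannot be reused
    raw = bytes.fromhex(hex_digest)  # the "de-hex" step
    if len(raw) != DIGEST_LEN[user_scheme]:
        raise ValueError("digest length does not match scheme")
    return "{%s}%s" % (user_scheme, base64.b64encode(raw).decode("ascii"))


def is_prehashed(value, connector_scheme):
    """Connector side: True only for '{' + matching digest + '}' + valid Base64."""
    scheme = connector_scheme.lower()
    prefix = "{%s}" % scheme
    if scheme not in DIGEST_LEN or not value.lower().startswith(prefix):
        return False
    try:
        raw = base64.b64decode(value[len(prefix):], validate=True)
    except (binascii.Error, ValueError):
        return False  # e.g. a cleartext password that merely starts with "{sha}"
    return len(raw) == DIGEST_LEN[scheme]


# Constructed sample: hex SHA-1 of a made-up password, as the user store would hold it
SAMPLE_HEX = hashlib.sha1(b"Password123").hexdigest()
```

Even with the length check, a cleartext password that is exactly the scheme prefix followed by a well-formed Base64 digest is indistinguishable from a hash and would be stored as-is, which is the trade-off of in-band detection compared with the extra attribute used for the DB Connector.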