[jira] [Created] (SYNCOPE-998) Migrate from SLF4J to Log4J2 API

2017-01-13 Thread JIRA
Francesco Chicchiriccò created SYNCOPE-998:
--

 Summary: Migrate from SLF4J to Log4J2 API
 Key: SYNCOPE-998
 URL: https://issues.apache.org/jira/browse/SYNCOPE-998
 Project: Syncope
  Issue Type: Improvement
Reporter: Francesco Chicchiriccò
 Fix For: 2.1.0


There are [good 
arguments|http://stackoverflow.com/questions/41498021/is-it-worth-to-use-slf4j-with-log4j2/41500347#41500347]
 to get rid of SLF4J API for logging.

Moreover, we do depend on some Log4J2 implementations (memory appenders, 
dynamic logger level update).



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)


[jira] [Resolved] (SYNCOPE-997) Angular transition errors

2017-01-13 Thread Matteo Di Carlo (JIRA)

 [ 
https://issues.apache.org/jira/browse/SYNCOPE-997?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Matteo Di Carlo resolved SYNCOPE-997.
-
Resolution: Fixed

> Angular transition errors
> -
>
> Key: SYNCOPE-997
> URL: https://issues.apache.org/jira/browse/SYNCOPE-997
> Project: Syncope
>  Issue Type: Bug
>  Components: enduser
>Affects Versions: 2.0.1
>Reporter: Matteo Di Carlo
>Assignee: Matteo Di Carlo
> Fix For: 2.0.2, 2.1.0
>
>
> Enduser returns the following transition errors:
> - transition superseded
> - transition prevented
> - transition aborted
> - transition failed





[jira] [Commented] (SYNCOPE-997) Angular transition errors

2017-01-13 Thread ASF subversion and git services (JIRA)

[ 
https://issues.apache.org/jira/browse/SYNCOPE-997?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15821964#comment-15821964
 ] 

ASF subversion and git services commented on SYNCOPE-997:
-

Commit 9c15f643a4f38cd86b6a4852896721d9d72ed824 in syncope's branch 
refs/heads/master from [~mdicarlo]
[ https://git-wip-us.apache.org/repos/asf?p=syncope.git;h=9c15f64 ]

[SYNCOPE-997] update angular-ui-router


> Angular transition errors
> -
>
> Key: SYNCOPE-997
> URL: https://issues.apache.org/jira/browse/SYNCOPE-997
> Project: Syncope
>  Issue Type: Bug
>  Components: enduser
>Affects Versions: 2.0.1
>Reporter: Matteo Di Carlo
>Assignee: Matteo Di Carlo
> Fix For: 2.0.2, 2.1.0
>
>
> Enduser returns the following transition errors:
> - transition superseded
> - transition prevented
> - transition aborted
> - transition failed





[jira] [Commented] (SYNCOPE-997) Angular transition errors

2017-01-13 Thread ASF subversion and git services (JIRA)

[ 
https://issues.apache.org/jira/browse/SYNCOPE-997?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15821962#comment-15821962
 ] 

ASF subversion and git services commented on SYNCOPE-997:
-

Commit 5e6242bb55f6bd725dc16a8a670ecb01f8b96d53 in syncope's branch 
refs/heads/2_0_X from [~mdicarlo]
[ https://git-wip-us.apache.org/repos/asf?p=syncope.git;h=5e6242b ]

[SYNCOPE-997] update angular-ui-router


> Angular transition errors
> -
>
> Key: SYNCOPE-997
> URL: https://issues.apache.org/jira/browse/SYNCOPE-997
> Project: Syncope
>  Issue Type: Bug
>  Components: enduser
>Affects Versions: 2.0.1
>Reporter: Matteo Di Carlo
>Assignee: Matteo Di Carlo
> Fix For: 2.0.2, 2.1.0
>
>
> Enduser returns the following transition errors:
> - transition superseded
> - transition prevented
> - transition aborted
> - transition failed





[jira] [Commented] (SYNCOPE-997) Angular transition errors

2017-01-13 Thread Matteo Di Carlo (JIRA)

[ 
https://issues.apache.org/jira/browse/SYNCOPE-997?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15821937#comment-15821937
 ] 

Matteo Di Carlo commented on SYNCOPE-997:
-

Angular ui-router creates error messages with angular versions 1.6.0 and 1.6.1.
I've tried to update ui-router, but routing doesn't work at all.
So I left the actual version (0.2.18), and I did a temporary workaround in 
app.js to hide error messages since there are no consequences in navigation.
The link to the related ui-router issue is 
https://github.com/angular-ui/ui-router/issues/2889.

> Angular transition errors
> -
>
> Key: SYNCOPE-997
> URL: https://issues.apache.org/jira/browse/SYNCOPE-997
> Project: Syncope
>  Issue Type: Bug
>  Components: enduser
>Affects Versions: 2.0.1
>Reporter: Matteo Di Carlo
>Assignee: Matteo Di Carlo
> Fix For: 2.0.2, 2.1.0
>
>
> Enduser returns the following transition errors:
> - transition superseded
> - transition prevented
> - transition aborted
> - transition failed





[jira] [Commented] (SYNCOPE-997) Angular transition errors

2017-01-13 Thread ASF subversion and git services (JIRA)

[ 
https://issues.apache.org/jira/browse/SYNCOPE-997?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15821935#comment-15821935
 ] 

ASF subversion and git services commented on SYNCOPE-997:
-

Commit 9f7e0ac15813fb50f34992bc413729c8943cd6e5 in syncope's branch 
refs/heads/master from [~mdicarlo]
[ https://git-wip-us.apache.org/repos/asf?p=syncope.git;h=9f7e0ac ]

[SYNCOPE-997] hide ui-router error messages


> Angular transition errors
> -
>
> Key: SYNCOPE-997
> URL: https://issues.apache.org/jira/browse/SYNCOPE-997
> Project: Syncope
>  Issue Type: Bug
>  Components: enduser
>Affects Versions: 2.0.1
>Reporter: Matteo Di Carlo
>Assignee: Matteo Di Carlo
> Fix For: 2.0.2, 2.1.0
>
>
> Enduser returns the following transition errors:
> - transition superseded
> - transition prevented
> - transition aborted
> - transition failed





[jira] [Commented] (SYNCOPE-997) Angular transition errors

2017-01-13 Thread ASF subversion and git services (JIRA)

[ 
https://issues.apache.org/jira/browse/SYNCOPE-997?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15821934#comment-15821934
 ] 

ASF subversion and git services commented on SYNCOPE-997:
-

Commit 44a858dc9bd9d32c07ca19217117babefdc7b4df in syncope's branch 
refs/heads/2_0_X from [~mdicarlo]
[ https://git-wip-us.apache.org/repos/asf?p=syncope.git;h=44a858d ]

[SYNCOPE-997] hide ui-router error messages


> Angular transition errors
> -
>
> Key: SYNCOPE-997
> URL: https://issues.apache.org/jira/browse/SYNCOPE-997
> Project: Syncope
>  Issue Type: Bug
>  Components: enduser
>Affects Versions: 2.0.1
>Reporter: Matteo Di Carlo
>Assignee: Matteo Di Carlo
> Fix For: 2.0.2, 2.1.0
>
>
> Enduser returns the following transition errors:
> - transition superseded
> - transition prevented
> - transition aborted
> - transition failed





[jira] [Created] (SYNCOPE-997) Angular transition errors

2017-01-13 Thread Matteo Di Carlo (JIRA)
Matteo Di Carlo created SYNCOPE-997:
---

 Summary: Angular transition errors
 Key: SYNCOPE-997
 URL: https://issues.apache.org/jira/browse/SYNCOPE-997
 Project: Syncope
  Issue Type: Bug
  Components: enduser
Affects Versions: 2.0.1
Reporter: Matteo Di Carlo
Assignee: Matteo Di Carlo
 Fix For: 2.0.2, 2.1.0


Enduser returns the following transition errors:
- transition superseded
- transition prevented
- transition aborted
- transition failed





[jira] [Closed] (SYNCOPE-995) Character encoding not being respected

2017-01-13 Thread Matteo Di Carlo (JIRA)

 [ 
https://issues.apache.org/jira/browse/SYNCOPE-995?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Matteo Di Carlo closed SYNCOPE-995.
---
Resolution: Duplicate

> Character encoding not being respected
> --
>
> Key: SYNCOPE-995
> URL: https://issues.apache.org/jira/browse/SYNCOPE-995
> Project: Syncope
>  Issue Type: Bug
>  Components: enduser
>Affects Versions: 2.0.1
>Reporter: Matteo Di Carlo
>Assignee: Matteo Di Carlo
>
> Steps to reproduce the error:
> Register a new user and fill the fullname field with a name containing an 
> accented vowel.
> Edit the user just created: attribute fullname doesn't respect the encoding.





[jira] [Updated] (SYNCOPE-995) Character encoding not being respected

2017-01-13 Thread Matteo Di Carlo (JIRA)

 [ 
https://issues.apache.org/jira/browse/SYNCOPE-995?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Matteo Di Carlo updated SYNCOPE-995:

Fix Version/s: (was: 2.0.2)
   (was: 2.1.0)

> Character encoding not being respected
> --
>
> Key: SYNCOPE-995
> URL: https://issues.apache.org/jira/browse/SYNCOPE-995
> Project: Syncope
>  Issue Type: Bug
>  Components: enduser
>Affects Versions: 2.0.1
>Reporter: Matteo Di Carlo
>Assignee: Matteo Di Carlo
>
> Steps to reproduce the error:
> Register a new user and fill the fullname field with a name containing an 
> accented vowel.
> Edit the user just created: attribute fullname doesn't respect the encoding.





[jira] [Created] (SYNCOPE-996) Replace Angular Bootstrap DateTimePicker with Kendo UI DateTimePicker

2017-01-13 Thread Matteo Di Carlo (JIRA)
Matteo Di Carlo created SYNCOPE-996:
---

 Summary: Replace Angular Bootstrap DateTimePicker with Kendo UI 
DateTimePicker
 Key: SYNCOPE-996
 URL: https://issues.apache.org/jira/browse/SYNCOPE-996
 Project: Syncope
  Issue Type: Improvement
  Components: enduser
Affects Versions: 2.0.1
Reporter: Matteo Di Carlo
 Fix For: 2.0.2, 2.1.0


Use Kendo UI DateTimePicker 
(http://demos.telerik.com/kendo-ui/datetimepicker/angular) instead of Bootstrap 
DateTimePicker.





[jira] [Resolved] (SYNCOPE-992) Date not registered in self registration

2017-01-13 Thread JIRA

 [ 
https://issues.apache.org/jira/browse/SYNCOPE-992?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Francesco Chicchiriccò resolved SYNCOPE-992.

Resolution: Fixed

> Date not registered in self registration
> 
>
> Key: SYNCOPE-992
> URL: https://issues.apache.org/jira/browse/SYNCOPE-992
> Project: Syncope
>  Issue Type: Bug
>  Components: enduser
>Affects Versions: 2.0.1
> Environment: Tested with CentOS7 / Jdk8 / WildFly10 / MariaDB 1.5
>Reporter: PSYND
>Assignee: Francesco Chicchiriccò
> Fix For: 2.0.2, 2.1.0
>
>
> A date field is added to the USER schema.
> During the self-registration it can be correctly displayed (including the 
> calendar button) and it's also possible to change the way it is displayed 
> customizing the Conversion-Pattern from the Admin console.
> Once the creation (or modification) of the user is completed, the "green" 
> confirmation is displayed, but after the information is not stored into the 
> database.





[jira] [Commented] (SYNCOPE-992) Date not registered in self registration

2017-01-13 Thread ASF subversion and git services (JIRA)

[ 
https://issues.apache.org/jira/browse/SYNCOPE-992?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15821610#comment-15821610
 ] 

ASF subversion and git services commented on SYNCOPE-992:
-

Commit eded0eb3af5b96b513d934f19509bdf4b06e9df0 in syncope's branch 
refs/heads/2_0_X from [~ilgrosso]
[ https://git-wip-us.apache.org/repos/asf?p=syncope.git;h=eded0eb ]

[SYNCOPE-992] Use millis to date conversion for create too (used to be set for 
update only) + fix JS onChange events for datepicker


> Date not registered in self registration
> 
>
> Key: SYNCOPE-992
> URL: https://issues.apache.org/jira/browse/SYNCOPE-992
> Project: Syncope
>  Issue Type: Bug
>  Components: enduser
>Affects Versions: 2.0.1
> Environment: Tested with CentOS7 / Jdk8 / WildFly10 / MariaDB 1.5
>Reporter: PSYND
>Assignee: Francesco Chicchiriccò
> Fix For: 2.0.2, 2.1.0
>
>
> A date field is added to the USER schema.
> During the self-registration it can be correctly displayed (including the 
> calendar button) and it's also possible to change the way it is displayed 
> customizing the Conversion-Pattern from the Admin console.
> Once the creation (or modification) of the user is completed, the "green" 
> confirmation is displayed, but after the information is not stored into the 
> database.





[jira] [Commented] (SYNCOPE-992) Date not registered in self registration

2017-01-13 Thread ASF subversion and git services (JIRA)

[ 
https://issues.apache.org/jira/browse/SYNCOPE-992?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15821611#comment-15821611
 ] 

ASF subversion and git services commented on SYNCOPE-992:
-

Commit b30099b68ca105d097c261651b1a255de184556e in syncope's branch 
refs/heads/master from [~ilgrosso]
[ https://git-wip-us.apache.org/repos/asf?p=syncope.git;h=b30099b ]

[SYNCOPE-992] Use millis to date conversion for create too (used to be set for 
update only) + fix JS onChange events for datepicker


> Date not registered in self registration
> 
>
> Key: SYNCOPE-992
> URL: https://issues.apache.org/jira/browse/SYNCOPE-992
> Project: Syncope
>  Issue Type: Bug
>  Components: enduser
>Affects Versions: 2.0.1
> Environment: Tested with CentOS7 / Jdk8 / WildFly10 / MariaDB 1.5
>Reporter: PSYND
>Assignee: Francesco Chicchiriccò
> Fix For: 2.0.2, 2.1.0
>
>
> A date field is added to the USER schema.
> During the self-registration it can be correctly displayed (including the 
> calendar button) and it's also possible to change the way it is displayed 
> customizing the Conversion-Pattern from the Admin console.
> Once the creation (or modification) of the user is completed, the "green" 
> confirmation is displayed, but after the information is not stored into the 
> database.





[jira] [Updated] (SYNCOPE-779) Use Kendo UI Boostrap DateTimePicker

2017-01-13 Thread Matteo Di Carlo (JIRA)

 [ 
https://issues.apache.org/jira/browse/SYNCOPE-779?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Matteo Di Carlo updated SYNCOPE-779:

Description: Replace actual Bootstrap DateTimePicker component (Wicket 
7.2.0), that doesn't support all java date formats (see SYNCOPE-730), with 
Kendo UI DateTimePicker 
(http://demos.telerik.com/kendo-ui/datetimepicker/angular)  (was: Replace the 
actual Bootstrap DateTimePicker component (Wicket 7.2.0), that doesn't support 
all java date formats (see SYNCOPE-730), with Kendo UI DateTimePicker ( 
Check if there are further updates for this component. )

> Use Kendo UI Boostrap DateTimePicker
> 
>
> Key: SYNCOPE-779
> URL: https://issues.apache.org/jira/browse/SYNCOPE-779
> Project: Syncope
>  Issue Type: Improvement
>  Components: console
>Reporter: Marco Di Sabatino Di Diodoro
>Priority: Minor
> Fix For: 2.0.2, 2.1.0
>
>
> Replace actual Bootstrap DateTimePicker component (Wicket 7.2.0), that 
> doesn't support all java date formats (see SYNCOPE-730), with Kendo UI 
> DateTimePicker (http://demos.telerik.com/kendo-ui/datetimepicker/angular)





[jira] [Updated] (SYNCOPE-779) Use Kendo UI Boostrap DateTimePicker

2017-01-13 Thread Matteo Di Carlo (JIRA)

 [ 
https://issues.apache.org/jira/browse/SYNCOPE-779?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Matteo Di Carlo updated SYNCOPE-779:

Description: 
Replace the actual Bootstrap DateTimePicker component (Wicket 7.2.0), that 
doesn't support all java date formats (see SYNCOPE-730), with Kendo UI 
DateTimePicker ( 
Check if there are further updates for this component. 

  was:
Bootstrap DateTimePicker component (Wicket 7.2.0) doesn't support all java date 
formats (see SYNCOPE-730). 
Check if there are further updates for this component. 


> Use Kendo UI Boostrap DateTimePicker
> 
>
> Key: SYNCOPE-779
> URL: https://issues.apache.org/jira/browse/SYNCOPE-779
> Project: Syncope
>  Issue Type: Improvement
>  Components: console
>Reporter: Marco Di Sabatino Di Diodoro
>Priority: Minor
> Fix For: 2.0.2, 2.1.0
>
>
> Replace the actual Bootstrap DateTimePicker component (Wicket 7.2.0), that 
> doesn't support all java date formats (see SYNCOPE-730), with Kendo UI 
> DateTimePicker ( 
> Check if there are further updates for this component. 





[jira] [Updated] (SYNCOPE-779) Use Kendo UI Boostrap DateTimePicker

2017-01-13 Thread Matteo Di Carlo (JIRA)

 [ 
https://issues.apache.org/jira/browse/SYNCOPE-779?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Matteo Di Carlo updated SYNCOPE-779:

Summary: Use Kendo UI Boostrap DateTimePicker  (was: Use Boostrap 
DateTimePicker)

> Use Kendo UI Boostrap DateTimePicker
> 
>
> Key: SYNCOPE-779
> URL: https://issues.apache.org/jira/browse/SYNCOPE-779
> Project: Syncope
>  Issue Type: Improvement
>  Components: console
>Reporter: Marco Di Sabatino Di Diodoro
>Priority: Minor
> Fix For: 2.0.2, 2.1.0
>
>
> Bootstrap DateTimePicker component (Wicket 7.2.0) doesn't support all java 
> date formats (see SYNCOPE-730). 
> Check if there are further updates for this component. 





[jira] [Updated] (SYNCOPE-992) Date not registered in self registration

2017-01-13 Thread Matteo Di Carlo (JIRA)

 [ 
https://issues.apache.org/jira/browse/SYNCOPE-992?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Matteo Di Carlo updated SYNCOPE-992:

Assignee: Francesco Chicchiriccò  (was: Matteo Di Carlo)

> Date not registered in self registration
> 
>
> Key: SYNCOPE-992
> URL: https://issues.apache.org/jira/browse/SYNCOPE-992
> Project: Syncope
>  Issue Type: Bug
>  Components: enduser
>Affects Versions: 2.0.1
> Environment: Tested with CentOS7 / Jdk8 / WildFly10 / MariaDB 1.5
>Reporter: PSYND
>Assignee: Francesco Chicchiriccò
> Fix For: 2.0.2, 2.1.0
>
>
> A date field is added to the USER schema.
> During the self-registration it can be correctly displayed (including the 
> calendar button) and it's also possible to change the way it is displayed 
> customizing the Conversion-Pattern from the Admin console.
> Once the creation (or modification) of the user is completed, the "green" 
> confirmation is displayed, but after the information is not stored into the 
> database.





Re: [IAM PoC] Starting with implementation

2017-01-13 Thread Francesco Chicchiriccò

On 13/01/2017 10:30, Pierre Smits wrote:

> Ok. Thanks.
>
> I guess one of the next steps will be to change the password of the
> admin userid to make it more secure.

Definitely.
Not a hard task, though:

https://syncope.apache.org/docs/reference-guide.html#set-admin-credentials

Regards.

On Fri, Jan 13, 2017 at 9:26 AM, Francesco Chicchiriccò wrote:


Hi all,
I honestly do not see the point of putting any effort (yet) in
puppetizing the configurations on syncope-vm2.

syncope-vm2 is the VM we are using to implement a PoC, not a
production environment.

For example, I had to install the OpenLDAP packages to load the
ASF Directory dump, in order to have a reference external resource
for Syncope. I would not expect this in a production machine.

The work to be done there is currently about configuring Syncope
(mainly via Admin UI) and possibly developing some extension
classes, to be part of the sources hosted at

https://git-wip-us.apache.org/repos/asf/iampoc.git


with purpose of building a replacement for https://id.apache.org

I expect such work not to be completed anytime soon, partly because
it is inherently complex, partly because it is done in my own
spare time.

I agree, indeed, that:

1. leaving all ports open to the wild is not good (especially
because there is currently an OpenLDAP instance loaded with the
dump from the official ASF Directory), so I have configured
iptables to refuse connections on all ports but SSH (see
/root/iptables.sh, currently saved via iptables-persistence to
survive restarts)

At the moment I can easily work with SSH port forwarding; I expect
to re-open the ports 80 and 443, to allow connections to

* http://idm-poc.apache.org/syncope, redirecting to
https://idm-poc.apache.org/syncope
* http://idm-poc.apache.org/syncope-console, redirecting to
https://idm-poc.apache.org/syncope-console
* http://idm-poc.apache.org/syncope-enduser, redirecting to
https://idm-poc.apache.org/syncope-enduser


as already configured by Pierre.

Note: I don't see any reason to enable the Syncope Swagger
extension, hence it is perfectly expected that

/syncope/swagger

returns nothing.

2. being the tomcat8 packages installed, there is almost no reason
(but the unavailability of Tomcat 8.5 as deb package, but this is
another story...) to use the manual Tomcat deployment under /opt,
I will remove that soon

Regards.

On 12/01/2017 22:58, Pierre Smits wrote:

Tony,

Francesco didn't install the syncope wars in/on the puppet
configured
Tomcat, but did a new Tomcat installation in /opt.

So we need to figure out how to do that correction there, or
redeploy
syncope in the puppet controlled Tomcat.

On Thu, Jan 12, 2017 at 10:48 PM, Tony Stevenson wrote:

On Jan 12, 2017, at 1:22 PM, Pierre Smits wrote:

Please do not use the syncope implementation via the
unencrypted tomcat port 8080/

Then configure tomcat to only listen on loopback, or only
allow access
from the local interface then.  Better yet change the
firewall rules. Or do
both. ;)

Assuming the VM is in puppet the firewall rules should be
a few lines of
config.


--
Francesco Chicchiriccò

Tirasa - Open Source Excellence
http://www.tirasa.net/

Member at The Apache Software Foundation
Syncope, Cocoon, Olingo, CXF, OpenJPA, PonyMail
http://home.apache.org/~ilgrosso/



Re: [IAM PoC] Starting with implementation

2017-01-13 Thread Pierre Smits
Ok. Thanks.

I guess one of the next steps will be to change the password of the admin
userid to make it more secure.

Best regards,



Pierre Smits

ORRTIZ.COM 
OFBiz based solutions & services

OFBiz Extensions Marketplace
http://oem.ofbizci.net/oci-2/

On Fri, Jan 13, 2017 at 9:26 AM, Francesco Chicchiriccò wrote:

> Hi all,
> I honestly do not see the point of putting any effort (yet) in puppetizing
> the configurations on syncope-vm2.
>
> syncope-vm2 is the VM we are using to implement a PoC, not a production
> environment.
>
> For example, I had to install the OpenLDAP packages to load the ASF
> Directory dump, in order to have a reference external resource for Syncope.
> I would not expect this in a production machine.
>
> The work to be done there is currently about configuring Syncope (mainly
> via Admin UI) and possibly developing some extension classes, to be part of
> the sources hosted at
>
> https://git-wip-us.apache.org/repos/asf/iampoc.git
>
> with purpose of building a replacement for https://id.apache.org
>
> I expect such work not to be completed anytime soon, partly because it is
> inherently complex, partly because it is done in my own spare time.
>
> I agree, indeed, that:
>
> 1. leaving all ports open to the wild is not good (especially because
> there is currently an OpenLDAP instance loaded with the dump from the
> official ASF Directory), so I have configured iptables to refuse
> connections on all ports but SSH (see /root/iptables.sh, currently saved
> via iptables-persistence to survive restarts)
>
> At the moment I can easily work with SSH port forwarding; I expect to
> re-open the ports 80 and 443, to allow connections to
>
> * http://idm-poc.apache.org/syncope, redirecting to
> https://idm-poc.apache.org/syncope
> * http://idm-poc.apache.org/syncope-console, redirecting to
> https://idm-poc.apache.org/syncope-console
> * http://idm-poc.apache.org/syncope-enduser, redirecting to
> https://idm-poc.apache.org/syncope-enduser
>
> as already configured by Pierre.
>
> Note: I don't see any reason to enable the Syncope Swagger extension,
> hence it is perfectly expected that
>
> /syncope/swagger
>
> returns nothing.
>
> 2. being the tomcat8 packages installed, there is almost no reason (but
> the unavailability of Tomcat 8.5 as deb package, but this is another
> story...) to use the manual Tomcat deployment under /opt, I will remove
> that soon
>
> Regards.
>
> On 12/01/2017 22:58, Pierre Smits wrote:
>
>> Tony,
>>
>> Francesco didn't install the syncope wars in/on the puppet configured
>> Tomcat, but did a new Tomcat installation in /opt.
>>
>> So we need to figure out how to do that correction there, or redeploy
>> syncope in the puppet controlled Tomcat.
>>
>> On Thu, Jan 12, 2017 at 10:48 PM, Tony Stevenson wrote:
>>
>>> On Jan 12, 2017, at 1:22 PM, Pierre Smits wrote:
>>>
>>>> Please do not use the syncope implementation via the unencrypted tomcat
>>>> port 8080/
>>>
>>> Then configure tomcat to only listen on loopback, or only allow access
>>> from the local interface then.  Better yet change the firewall rules. Or
>>> do
>>> both. ;)
>>>
>>> Assuming the VM is in puppet the firewall rules should be a few lines of
>>> config.
>>>
>>
> --
> Francesco Chicchiriccò
>
> Tirasa - Open Source Excellence
> http://www.tirasa.net/
>
> Member at The Apache Software Foundation
> Syncope, Cocoon, Olingo, CXF, OpenJPA, PonyMail
> http://home.apache.org/~ilgrosso/
>
>
>


Re: [IAM PoC] Starting with implementation

2017-01-13 Thread Francesco Chicchiriccò

Hi all,
I honestly do not see the point of putting any effort (yet) in 
puppetizing the configurations on syncope-vm2.


syncope-vm2 is the VM we are using to implement a PoC, not a production 
environment.


For example, I had to install the OpenLDAP packages to load the ASF 
Directory dump, in order to have a reference external resource for 
Syncope. I would not expect this in a production machine.


The work to be done there is currently about configuring Syncope (mainly 
via Admin UI) and possibly developing some extension classes, to be part 
of the sources hosted at


https://git-wip-us.apache.org/repos/asf/iampoc.git

with purpose of building a replacement for https://id.apache.org

I expect such work not to be completed anytime soon, partly because it is 
inherently complex, partly because it is done in my own spare time.


I agree, indeed, that:

1. leaving all ports open to the wild is not good (especially because 
there is currently an OpenLDAP instance loaded with the dump from the 
official ASF Directory), so I have configured iptables to refuse 
connections on all ports but SSH (see /root/iptables.sh, currently saved 
via iptables-persistence to survive restarts)


At the moment I can easily work with SSH port forwarding; I expect to 
re-open the ports 80 and 443, to allow connections to


* http://idm-poc.apache.org/syncope, redirecting to 
https://idm-poc.apache.org/syncope
* http://idm-poc.apache.org/syncope-console, redirecting to 
https://idm-poc.apache.org/syncope-console
* http://idm-poc.apache.org/syncope-enduser, redirecting to 
https://idm-poc.apache.org/syncope-enduser


as already configured by Pierre.

Note: I don't see any reason to enable the Syncope Swagger extension, 
hence it is perfectly expected that


/syncope/swagger

returns nothing.

2. being the tomcat8 packages installed, there is almost no reason (but 
the unavailability of Tomcat 8.5 as deb package, but this is another 
story...) to use the manual Tomcat deployment under /opt, I will remove 
that soon


Regards.

On 12/01/2017 22:58, Pierre Smits wrote:

Tony,

Francesco didn't install the syncope wars in/on the puppet configured
Tomcat, but did a new Tomcat installation in /opt.

So we need to figure out how to do that correction there, or redeploy
syncope in the puppet controlled Tomcat.

On Thu, Jan 12, 2017 at 10:48 PM, Tony Stevenson wrote:

On Jan 12, 2017, at 1:22 PM, Pierre Smits wrote:

Please do not use the syncope implementation via the unencrypted tomcat port 
8080/

Then configure tomcat to only listen on loopback, or only allow access
from the local interface then.  Better yet change the firewall rules. Or do
both. ;)

Assuming the VM is in puppet the firewall rules should be a few lines of
config.


--
Francesco Chicchiriccò

Tirasa - Open Source Excellence
http://www.tirasa.net/

Member at The Apache Software Foundation
Syncope, Cocoon, Olingo, CXF, OpenJPA, PonyMail
http://home.apache.org/~ilgrosso/