Fixed: apache/syncope#7441 (master - 75bf23a)
Build Update for apache/syncope - Build: #7441 Status: Fixed Duration: 1 hr, 1 min, and 30 secs Commit: 75bf23a (master) Author: Andrea Patricelli Message: creating remediation also from exceptions on pullActions, also fixing… (#269) (#271) * enabling remediation creation also from exceptions on pullActions View the changeset: https://github.com/apache/syncope/compare/1b5e713f966d...75bf23a78c91 View the full build log and details: https://travis-ci.com/github/apache/syncope/builds/227283320?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the apache/syncope repository going to https://travis-ci.com/account/preferences/unsubscribe?repository=16807214&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.com/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications.
[GitHub] [syncope] andrea-patricelli merged pull request #271: enabling remediation create also from exceptions on pullActions (#269)
andrea-patricelli merged pull request #271: URL: https://github.com/apache/syncope/pull/271 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org
Broken: apache/syncope#7436 (master - 1b5e713)
Build Update for apache/syncope - Build: #7436 Status: Broken Duration: 48 mins and 53 secs Commit: 1b5e713 (master) Author: Francesco Chicchiriccò Message: Various Elasticsearch improvements and cleanup View the changeset: https://github.com/apache/syncope/compare/3fe8f6521a6b...1b5e713f966d View the full build log and details: https://travis-ci.com/github/apache/syncope/builds/227264817?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the apache/syncope repository going to https://travis-ci.com/account/preferences/unsubscribe?repository=16807214&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.com/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications.
Re: Some docs improvements
On 26/05/21 13:38, Colm O hEigeartaigh wrote: Hi Francesco, 1. The docs (https://syncope.apache.org/docs/2.1/getting-started.html#moving-forward) state that the "secretKey" value is only needed if adminPasswordAlgorithm or password.cipher.algorithm is "AES", implying that it could be left blank if you are not using AES. However, I see CipherAlgorithm.AES in the source code in several places (e.g. ./core/idrepo/logic/src/main/java/org/apache/syncope/core/logic/AccessTokenLogic.java), which implies that secretKey should always be required. Which is correct? That's correct, docs need to be adjusted. OK I can do this. Is it possible though to state exactly what reversible encryption is used for in Syncope? This kind of information might be needed for compliance purposes. AES (the only CipherAlgorithm capable of reversible encryption) is used: * (as any other CipherAlgorithm defined) for admin and User authentication * (as any other CipherAlgorithm defined) for Binary Plain Attribute values * in case cleartext version of user password is not available, during propagation to External Resources - typically, when propagation is not triggered as consequence of a REST operation * for Linked Accounts' password values * to securely store Access Token's cached authorities * within DefaultPasswordRule and HaveIBeenPwnedPasswordRule, to check password value against defined policies secretKey is a random string, whose value is bootstrapped during Maven project generation from archetype, and filtered by Maven into security.properties If the provided value is less than 16 characters length, it gets padded before usage at https://github.com/apache/syncope/blob/master/core/spring/src/main/java/org/apache/syncope/core/spring/security/Encryptor.java#L151-L161 I think this implementation is a bit problematic. Because the "secretKey" is alphanumeric there is no way for a customer to generate a truely random AES key. It would be a lot better if we supported storing the key in a hex or base-64 encoded form. Then we can just tell customers they can create a random key via e.g. openssl rand -hex 32 Secondly, it would be more secure if we didn't specify any value by default in security.properties, but used SecureRandom to generate a value if none exists on start-up + write this out instead. I think we can change things on master without worrying too much about breaking existing deployments (but not on other branches). I am not sure to figure out where to store the generate random value on startup (in case it was not provided) so that next runs will find it. anonymousKey is a random string, whose value is bootstrapped during Maven project generation from archetype, and filtered by Maven into security.properties Together with anonynousUser (whose value is 'anonymous' by default), it is used for non security-sensitive REST calls, as an alternative to leaving some endpoints accessible without any authentication. Again, should we instead leave it empty by default + generate a secure value without having this hard-coded value? Same thoughts as above. Regards. -- Francesco Chicchiriccò Tirasa - Open Source Excellence http://www.tirasa.net/ Member at The Apache Software Foundation Syncope, Cocoon, Olingo, CXF, OpenJPA, PonyMail http://home.apache.org/~ilgrosso/
[GitHub] [syncope] ilgrosso merged pull request #270: Bump upgrades: CXF, Camel, OpenJPA, Elasticsearch, Tycho, cargo-maven2-plugin
ilgrosso merged pull request #270: URL: https://github.com/apache/syncope/pull/270 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org
Canceled: apache/syncope#7436 (master - 1b5e713)
Build Update for apache/syncope - Build: #7436 Status: Canceled Duration: 6 mins and 14 secs Commit: 1b5e713 (master) Author: Francesco Chicchiriccò Message: Various Elasticsearch improvements and cleanup View the changeset: https://github.com/apache/syncope/compare/3fe8f6521a6b...1b5e713f966d View the full build log and details: https://travis-ci.com/github/apache/syncope/builds/227264817?utm_medium=notification&utm_source=email Restart your build: https://travis-ci.com/github/apache/syncope/builds/227264817?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the apache/syncope repository going to https://travis-ci.com/account/preferences/unsubscribe?repository=16807214&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.com/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications.
Broken: apache/syncope#7436 (master - 1b5e713)
Build Update for apache/syncope - Build: #7436 Status: Broken Duration: 6 mins and 55 secs Commit: 1b5e713 (master) Author: Francesco Chicchiriccò Message: Various Elasticsearch improvements and cleanup View the changeset: https://github.com/apache/syncope/compare/3fe8f6521a6b...1b5e713f966d View the full build log and details: https://travis-ci.com/github/apache/syncope/builds/227264817?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the apache/syncope repository going to https://travis-ci.com/account/preferences/unsubscribe?repository=16807214&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.com/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications.
[GitHub] [syncope] andrea-patricelli opened a new pull request #271: enabling remediation create also from exceptions on pullActions (#269)
andrea-patricelli opened a new pull request #271: URL: https://github.com/apache/syncope/pull/271 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [syncope] andrea-patricelli merged pull request #269: creating remediation also from exceptions on pullActions, also fixing…
andrea-patricelli merged pull request #269: URL: https://github.com/apache/syncope/pull/269 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [syncope] ilgrosso opened a new pull request #270: Bump upgrades: CXF, Camel, OpenJPA, Tycho, cargo-maven2-plugin
ilgrosso opened a new pull request #270: URL: https://github.com/apache/syncope/pull/270 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [syncope] andrea-patricelli commented on pull request #269: creating remediation also from exceptions on pullActions, also fixing…
andrea-patricelli commented on pull request #269: URL: https://github.com/apache/syncope/pull/269#issuecomment-850264678 > @andrea-patricelli it seems that Travis CI is failing at https://travis-ci.com/github/apache/syncope/builds/227158553#L6736 > > ``` > PullTaskITCase.remediationSinglePull:845 Should not arrive here > ``` I've checked locally and reproduced the error, going to fix -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [syncope] ilgrosso commented on pull request #269: creating remediation also from exceptions on pullActions, also fixing…
ilgrosso commented on pull request #269: URL: https://github.com/apache/syncope/pull/269#issuecomment-850197309 @andrea-patricelli it seems that Travis CI is failing at https://travis-ci.com/github/apache/syncope/builds/227158553#L6736 ``` PullTaskITCase.remediationSinglePull:845 Should not arrive here ``` -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org