Re: Dumb question I assume ...
Also, do I need to download anything before upgrading or is that handled by the maven build? - Paul Fullbright -- Sent from: http://syncope-user.1051894.n5.nabble.com/
Re: Dumb question I assume ...
So, DO NOT rerun the GUI installer? How would one rebuild and redeploy? Those were handled automatically by the GUI installer, I believe. - Paul Fullbright -- Sent from: http://syncope-user.1051894.n5.nabble.com/
Dumb question I assume ...
... but I can't seem to find out the proper way (hopefully an easy way) to upgrade Syncope from 2.0.7 to 2.0.8. This was originally a UI installation on Windows Server/Tomcat. - Paul Fullbright -- Sent from: http://syncope-user.1051894.n5.nabble.com/
Re: Is there a way to search for users that are members of a group
There was supposed to be a "D'OH!" emoji in there Thanks - Paul Fullbright -- Sent from: http://syncope-user.1051894.n5.nabble.com/
Re: Is there a way to search for users that are members of a group
I must have looked at that twenty times and still didn't see the difference between a $ and a ? - Paul Fullbright -- Sent from: http://syncope-user.1051894.n5.nabble.com/
Re: Is there a way to search for users that are members of a group
Thanks for that. I was searching all over for FIQL but didn't search for "search"... So I tried this: - On syncope-console, added group "BrandA" - Edited user "bellini2" (was experimenting with username change) and added group BrandA - went to swagger, executed basic user search (no criteria) and got a user back with the following: - then executed a search for users with the fiql "?groups==BrandA" (which had a curl of: but did not get any users back. Is there something else I need to do? - Paul Fullbright -- Sent from: http://syncope-user.1051894.n5.nabble.com/
Re: User can't login if username changes
OK, thanks. Completely didn't see any of the approval process notifications. So yes, we will temporarily add the step of removing the access token when changing a username. Is that a bug you have entered? - Paul Fullbright -- Sent from: http://syncope-user.1051894.n5.nabble.com/
Is there a way to search for users that are members of a group
Tried using FIQL, but not sure how it would work in this case. I realize you can actually get the group, but there may be further query parts on finding the users. - Paul Fullbright -- Sent from: http://syncope-user.1051894.n5.nabble.com/
User can't login if username changes
I have seen this in API as well as on http://syncope-vm.apache.org:9080/syncope-enduser If a user changes her username (say from "julius" to "juliuscaesar") the user is not able to log in with the new username (OR with the old username). I have confirmed using syncope-console that the system recognizes that the username has changed. - Paul Fullbright -- Sent from: http://syncope-user.1051894.n5.nabble.com/
Re: Order by descending/ascending
OK, done. Issue is here: https://issues.apache.org/jira/browse/SYNCOPE-1308 - Paul Fullbright -- Sent from: http://syncope-user.1051894.n5.nabble.com/
Re: Order by descending/ascending
OK, that was the problem. Our Postgres was *TOO* new. I downgraded to 9.6 and it works. You might check out running on Postgres 10.3. - Paul Fullbright -- Sent from: http://syncope-user.1051894.n5.nabble.com/
Re: Order by descending/ascending
We are already using the very latest postgres: 10.3. This is coming from the official dockerhub image. - Paul Fullbright -- Sent from: http://syncope-user.1051894.n5.nabble.com/
Re: Order by descending/ascending
OK, I updated the jdbc driver (had to do it by writing a wget download
command rather than using apt-get) and Syncope to 2.0.8, and I'm still
getting the error.
I should note that I am ordering by a schema attribute (which works on the
Syncope REST endpoint.)
Here's the full stack trace:
org.apache.syncope.common.lib.SyncopeClientException: DataIntegrityViolation
[ERROR: UNION types integer and text cannot be matched
Position: 158 {prepstmnt 1156037144 SELECT u.any_id,sva.stringvalue AS
email FROM (SELECT DISTINCT any_id FROM user_search WHERE id IS NOT NULL) u,
(SELECT * FROM user_search_attr UNION SELECT * FROM user_search_null_attr)
sva WHERE u.any_id=sva.any_id AND sva.schema_id='email' AND u.any_id IN
(SELECT any_id FROM user_search WHERE realm_id IN (SELECT id AS realm_id
FROM Realm WHERE id=?)) ORDER BY email ASC} [code=0, state=42804]]
at
org.apache.syncope.common.lib.SyncopeClientException.build(SyncopeClientException.java:37)
at
org.apache.syncope.client.lib.RestClientExceptionMapper.checkSyncopeClientCompositeException(RestClientExceptionMapper.java:143)
at
org.apache.syncope.client.lib.RestClientExceptionMapper.fromResponse(RestClientExceptionMapper.java:53)
at
org.apache.syncope.client.lib.RestClientExceptionMapper.fromResponse(RestClientExceptionMapper.java:42)
at
org.apache.cxf.jaxrs.client.ClientProxyImpl.checkResponse(ClientProxyImpl.java:313)
at
org.apache.cxf.jaxrs.client.ClientProxyImpl.handleResponse(ClientProxyImpl.java:876)
at
org.apache.cxf.jaxrs.client.ClientProxyImpl.doChainedInvocation(ClientProxyImpl.java:789)
at
org.apache.cxf.jaxrs.client.ClientProxyImpl.invoke(ClientProxyImpl.java:235)
at com.sun.proxy.$Proxy64.search(Unknown Source)
at com.gal.ums.services.UsersService.getUsers(UsersService.java:65)
-
Paul Fullbright
--
Sent from: http://syncope-user.1051894.n5.nabble.com/
Re: Order by descending/ascending
OK, I see. They jumped all the way from 9.4 to 42 at some point recently. I'll see if I can figure out why apt-get is only getting the latest 9.4. - Paul Fullbright -- Sent from: http://syncope-user.1051894.n5.nabble.com/
Re: Order by descending/ascending
The "latest" postgres on dockerhub is 10.3. And when I do an apt-get install for libpostgresql-jdbc-java it brings down version 9.4.1212-1. What library are you using that you're getting version 42 something? - Paul Fullbright -- Sent from: http://syncope-user.1051894.n5.nabble.com/
Re: Order by descending/ascending
I'll check. I'm using the "latest" versions for a docker build. Are you using Syncope 2.0.7 or .8? I haven't updated that yet. - Paul Fullbright -- Sent from: http://syncope-user.1051894.n5.nabble.com/
Re: Order by descending/ascending
It doesn't look like my "raw" text is being posted. This is the code:
UserService service = client.getService(UserService.class);
AnyQuery query = new AnyQuery.Builder()
.page(page)
.size(pageSize)
.orderBy(orderBy)
.realm("/")
.build();
return service.search(query);
And this is the exception:
org.apache.syncope.common.lib.SyncopeClientException: DataIntegrityViolation
[ERROR: UNION types integer and text cannot be matched
Position: 158 {prepstmnt 58276975 SELECT u.any_id,sva.stringvalue AS email
FROM (SELECT DISTINCT any_id FROM user_search WHERE id IS NOT NULL) u,
(SELECT * FROM user_search_attr UNION SELECT * FROM user_search_null_attr)
sva WHERE u.any_id=sva.any_id AND sva.schema_id='email' AND u.any_id IN
(SELECT any_id FROM user_search WHERE realm_id IN (SELECT id AS realm_id
FROM Realm WHERE id=?)) ORDER BY email ASC} [code=0, state=42804]]
-
Paul Fullbright
--
Sent from: http://syncope-user.1051894.n5.nabble.com/
Re: Order by descending/ascending
So I tried using this via the SyncopeClient: And I get a SyncopeClientException with the following: Am I doing something wrong? - Paul Fullbright -- Sent from: http://syncope-user.1051894.n5.nabble.com/
Re: Order by descending/ascending
Awesome, thanks! I thought that I had tried that, but perhaps I used a wrong attribute name, now that I think of it. - Paul Fullbright -- Sent from: http://syncope-user.1051894.n5.nabble.com/
Order by descending/ascending
Is there a way to specify whether the orderby attribute (specifically for user search in this case) is ascending or descending? - Paul Fullbright -- Sent from: http://syncope-user.1051894.n5.nabble.com/
Re: Entitlements
Thanks, I'll look into it. ilgrosso wrote > ...and let me repeat that contributions are always welcome ;-) > Regards. Oh, I know! I used to work on open source. :) - Paul Fullbright -- Sent from: http://syncope-user.1051894.n5.nabble.com/
Entitlements
I just ran across the limitation on adding to entitlements. I'm confused. Is the intention of the entire Syncope application to manage users' ability to change the Syncope application? Is it not to manage users' ability to do things outside of the Syncope application? This shoots a hole in our whole intention. How hard is it to dynamically update the entitlements in Syncope? - Paul Fullbright -- Sent from: http://syncope-user.1051894.n5.nabble.com/
Re: Authentication exceptions in client
In a related question. I created a user and gave that user a basic ADMIN role on the "/" realm with only the "USER_CREATE" entitlement, and I get a ForbiddenException (javax.ws.rs.ForbiddenException: Access is denied) for that user. Should this user not be able to create a user via the client? - Paul Fullbright -- Sent from: http://syncope-user.1051894.n5.nabble.com/
Authentication exceptions in client
Hello,
I tried creating a user by
- creating a client with an incorrect token
SyncopeClient client = getSyncopeClientFactory().create("gobbledygook");
- retrieving the service
UserService service = client.getService(UserService.class);
- invoking the call
Response response = service.create(user);
But this resulted in a web service exception
(javax.xml.ws.WebServiceException: Remote exception with status code:
INTERNAL_SERVER_ERROR) at this point, not any kind of authentication
exception. Should I be doing some sort of authentication before sending the
call at this point? Otherwise what sort of authentication error should I be
receiving?
-
Paul Fullbright
--
Sent from: http://syncope-user.1051894.n5.nabble.com/
Realms
What is the typical use case for using Realms? Is it typically to segregate users of different (let's say) "features" of an application (such as open users vs pay users)? Or is it more typically to segregate different classes of users (such as internal admins vs normal users or faculty vs students)? Trying to figure out how/if to leverage realms ... - Paul Fullbright -- Sent from: http://syncope-user.1051894.n5.nabble.com/
Re: Soft delete users
I see how to bring up that floating menu, but I couldn't for the life of me figure out how to use it. I see now that you have to select the ... realm? ... and then select the gear and do a bulk update (?) and then select the icon for enabling/disabling. I hope the endpoint is a little more straightforward. :) - Paul Fullbright -- Sent from: http://syncope-user.1051894.n5.nabble.com/
Re: Soft delete users
I can't see how to do this in the console. I'm guessing it's fairly obvious in the REST API? - Paul Fullbright -- Sent from: http://syncope-user.1051894.n5.nabble.com/
Soft delete users
Is there an existing mechanism to allow soft delete of users (deactivate, rather than delete, lets' say) that would allow user metadata to stay in the system but would not allow login? - Paul Fullbright -- Sent from: http://syncope-user.1051894.n5.nabble.com/
username and email
How would you go about configuring Syncope to require that a user uses email as a username? I see that there is a way to configure a password policy, but I can't see any way to configure a password policy (other than allowing null) in the console. In addition, I see that there is a way to annotate a custom class with @PasswordRuleConfClass (and I'm guessing that class is in some maven artifact I don't have by default), but is there an easier way by chance? There is a schema validator for email, for instance. I'm wondering if there is some setting to either require that the email and username are identical, or maybe that they have to use the email to log in, or failing that, perhaps I could leverage the email schema validator to validate the username as well? Thanks in advance, - Paul Fullbright -- Sent from: http://syncope-user.1051894.n5.nabble.com/
Re: Tomcat 9?
Thank you. We have decided to stick with the Java 8/Tomcat 8.5 setup for now. -- Sent from: http://syncope-user.1051894.n5.nabble.com/
void return type for client API
I see that (for example) AccessTokenService.logout() returns a *void* type. Wouldn't it be helpful to return a Response type such that you could diagnose an error if it occurs? One could tell if it was successful or not by the Response status code. As it is, you can not possibly tell from the client API whether the call succeeded or not. Thanks, Paul -- Sent from: http://syncope-user.1051894.n5.nabble.com/
Tomcat 9?
Does Syncope support Tomcat 9? I'm hoping maybe the documentation is just slightly old. -- Sent from: http://syncope-user.1051894.n5.nabble.com/
Re: In-depth REST documentation
That's fantastic! Has that been done for all the endpoints? -- Sent from: http://syncope-user.1051894.n5.nabble.com/
Re: In-depth REST documentation
It is a useful tool, but I have found that none of the sample calls ever work. For instance, to create a new user, the sample JSON does not have the @class property, which is required. -- Sent from: http://syncope-user.1051894.n5.nabble.com/
Re: In-depth REST documentation
I am aware of those resources. Of note is that documentation: - does not describe what fields are required and which are optional - does not mention requied fields such as "@class" - does not list values for certain constrained fields (such as "type") I am guessing that this list is my best hope for such questions? -- Sent from: http://syncope-user.1051894.n5.nabble.com/
In-depth REST documentation
Hello, I wonder if there is some in-depth documentation for using the REST API for Syncope somewhere. It took me forever to realize that I needed to add an "@class" attribute to my JSON for self registration, and that it needed to have the value "org.apache.syncope.common.lib.to.UserTO". Is there somewhere where this kind of information is captured? -- Sent from: http://syncope-user.1051894.n5.nabble.com/
