Re: username and email

[Francesco Chicchiriccò]

On 19/02/2018 20:36, PeeDub wrote:

How would you go about configuring Syncope to require that a user uses email
as a username? I see that there is a way to configure a password policy, but
I can't see any way to configure a password policy (other than allowing
null) in the console. In addition, I see that there is a way to annotate a
custom class with @PasswordRuleConfClass (and I'm guessing that class is in
some maven artifact I don't have by default), but is there an easier way by
chance? There is a schema validator for email, for instance. I'm wondering
if there is some setting to either require that the email and username are
identical, or maybe that they have to use the email to log in, or failing
that, perhaps I could leverage the email schema validator to validate the
username as well?


Hi,
few items:

* you are free to use e-mail addresses as values for username (I did so 
for several projects): only, you'd need to add an Account Policy [1] 
with an instance of the DefaultAccountRule bearing a validation pattern 
to ensure that provided values are effectively e-mail addresses


* you are free to use another plain attribute (for example, email) for 
authentication - see the authentication.attributes configuration 
parameter [2]


* Account, Password and Pull Policies [3] can aggregate zero or more 
rules; for each type of policy, a default implementation is provided for 
common usage; annotations like as @AccountRuleConfClass and 
@PasswordRuleConfClass can be used to provide custom rules (but this is 
a quite advanced topic, lacking real examples in the documentation)


* From Admin Console, once you have created an Account, Password or Pull 
Policy, you'll need to add some rules in order to make them effective: 
[4] [5] [6].


HTH
Regards.

[1] https://syncope.apache.org/docs/reference-guide.html#policies-account
[2] 
https://syncope.apache.org/docs/reference-guide.html#configuration-parameters

[3] https://syncope.apache.org/docs/reference-guide.html#policies
[4] https://pasteboard.co/H8tNox3.png
[5] https://pasteboard.co/H8tNLcj.png
[6] https://pasteboard.co/H8tO58p.png

--
Francesco Chicchiriccò

Tirasa - Open Source Excellence
http://www.tirasa.net/

Member at The Apache Software Foundation
Syncope, Cocoon, Olingo, CXF, OpenJPA, PonyMail
http://home.apache.org/~ilgrosso/

Re: void return type for client API

[Francesco Chicchiriccò]

On 19/02/2018 18:21, PeeDub wrote:

I see that (for example) AccessTokenService.logout() returns a *void* type.
Wouldn't it be helpful to return a Response type such that you could
diagnose an error if it occurs? One could tell if it was successful or not
by the Response status code. As it is, you can not possibly tell from the
client API whether the call succeeded or not.


If you are using the Syncope Client Library, when any API call (either 
returning void or something else) does not succeed, the 
RestClientExceptionMapper [1] will turn the reported error into a proper 
Java exception.


Regards.

[1] 
https://github.com/apache/syncope/blob/2_0_X/client/lib/src/main/java/org/apache/syncope/client/lib/RestClientExceptionMapper.java


--
Francesco Chicchiriccò

Tirasa - Open Source Excellence
http://www.tirasa.net/

Member at The Apache Software Foundation
Syncope, Cocoon, Olingo, CXF, OpenJPA, PonyMail
http://home.apache.org/~ilgrosso/

Re: Japanese Characters as Invalid Value

[Francesco Chicchiriccò]

On 20/02/2018 03:53, Jim wrote:

Good day,

I would like to ask if there is a configuration in Syncope that can be
change that will enable the user to add Japanese characters as a value(eg.
displayName = *any japanese character*) or is it a database configuration?
Any help/response is much appreciated Thank you!


Hi Jim,
I don't have any direct experience with Japanese, but I have with Arabic.

The only problems you might have are with database-level encoding: if 
you are using MySQL / MariaDB ensure that collation is UTF-8.


Regards.

--
Francesco Chicchiriccò

Tirasa - Open Source Excellence
http://www.tirasa.net/

Member at The Apache Software Foundation
Syncope, Cocoon, Olingo, CXF, OpenJPA, PonyMail
http://home.apache.org/~ilgrosso/

Japanese Characters as Invalid Value

[Jim]

Good day,

I would like to ask if there is a configuration in Syncope that can be
change that will enable the user to add Japanese characters as a value(eg.
displayName = *any japanese character*) or is it a database configuration?
Any help/response is much appreciated Thank you!

Regards,
Jim 

--
Sent from: http://syncope-user.1051894.n5.nabble.com/

username and email

[PeeDub]

How would you go about configuring Syncope to require that a user uses email
as a username? I see that there is a way to configure a password policy, but
I can't see any way to configure a password policy (other than allowing
null) in the console. In addition, I see that there is a way to annotate a
custom class with @PasswordRuleConfClass (and I'm guessing that class is in
some maven artifact I don't have by default), but is there an easier way by
chance? There is a schema validator for email, for instance. I'm wondering
if there is some setting to either require that the email and username are
identical, or maybe that they have to use the email to log in, or failing
that, perhaps I could leverage the email schema validator to validate the
username as well?

Thanks in advance,

-
Paul Fullbright
--
Sent from: http://syncope-user.1051894.n5.nabble.com/

Re: I desperately require assistance getting my Syncore installation to work in windows

[Eric-R82]

Here's what I have discovered that helped resolve my issue.

1. I had created a dedicated named instance for the Syncope database, but
that wasn't working so I moved it over to the default instance.

2. Authentication using a domain account didn't seem to work, so I set the
SQL installation to mixed mode and created a SQL user for the application to
connect as.



--
Sent from: http://syncope-user.1051894.n5.nabble.com/

Re: Tomcat 9?

[PeeDub]

Thank you. We have decided to stick with the Java 8/Tomcat 8.5 setup for now.

--
Sent from: http://syncope-user.1051894.n5.nabble.com/

void return type for client API

[PeeDub]

I see that (for example) AccessTokenService.logout() returns a *void* type.
Wouldn't it be helpful to return a Response type such that you could
diagnose an error if it occurs? One could tell if it was successful or not
by the Response status code. As it is, you can not possibly tell from the
client API whether the call succeeded or not.

Thanks,
Paul

--
Sent from: http://syncope-user.1051894.n5.nabble.com/

Re: I desperately require assistance getting my Syncore installation to work in windows

[Eric-R82]

I think I have potentially resolved the issue. I have it working using this
example webapp I found. I will now deploy the Syncope webapp and see if it
works.

--
Sent from: http://syncope-user.1051894.n5.nabble.com/

Re: I desperately require assistance getting my Syncore installation to work in windows

[Eric-R82]

Yes, I do see the file there.

 

I uninstalled tomcat and put on Java 8 instead then re-installed Tomcat. I
also moved the database to the SQL server default instance instead of a
named instance.

I still have no luck though. I will create a post in Tomcat forums (I know I
should have done that a while ago).

--
Sent from: http://syncope-user.1051894.n5.nabble.com/

Re: I desperately require assistance getting my Syncore installation to work in windows

[ilgrosso]

Just double-click on the downloaded JAR: you should find a directory
hierarchy as follows:

com/
  microsoft/
sqlserver/
  jdbc/

and in the inner folder, a file named

SQLServerDriver.class

Can you confirm?

--
Sent from: http://syncope-user.1051894.n5.nabble.com/

Re: I desperately require assistance getting my Syncore installation to work in windows

[Eric-R82]

I don't suppose you could direct me to way to check that. I am noob when it
comes to writing software and the last time I wrote java was years ago. I
will do the googling in the mean time.

--
Sent from: http://syncope-user.1051894.n5.nabble.com/

Syncope setup towards ADFS 3.0

[Mikael Ekblom]

Hi,

A short practical question: have anyone at Tirasa or someone else tried to use 
ADFS with Syncope for the SSO?

Any additional experiences from this would be appreciated to maybe save time 
over here.

I'm about to set up this now and will try to gather information along the way 
for future use. It did not just go through out of the box and I'm not sure now 
what is going on (ADFS let the request through) but Syncope still claims SAML 
token security failure, so I'll need to dissect the source code a bit.

Regards,

  Mikael


Mikael Ekblom
IT-Service manager
Arcada, IT

Jan-Magnus Janssons plats 1,
FIN-00560 Helsingfors,
Finland

TFn: +358 207 699 467
Mobil: +358 207 699 467